<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Stefan,<br>
      <br>
      Thank you for your insight. You were right on that the spa was not
      getting the response. Once I started capturing packets at the
      firewall, it was quickly obvious that NAT was the culprit.
      However, how to get the NAT to behave correctly for that device
      took quite a bit of testing to determine.<br>
      <br>
      I now have 5 other devices working behind NAT and they all work
      fine without changes, but the Cisco SPA112 sends its SIP packets
      differently, which were not cooperating with the NAT configuration
      on my pfSense router/firewall. All NAT'd packets back to that
      device were being dropped at the firewall, even though it was
      configured to permit them.<br>
      <br>
      In FreeSWITCH, I created a separate sip profile to handle this
      special NAT case and through a trial of deduction found that
      setting NDLB-force-rport to true made packets NAT correctly back
      to the device. Other NAT configurations, including
      sip-force-contact with value NDLB-connectile-dysfunction on the
      specific user, did not work.<br>
      <br>
      Testing shows that the device on that sip profile, now works
      correctly. Are there any additional considerations I should take
      into account with this or other NAT options?<br>
      <br>
      Thank you very much to all who responded.<br>
      <div class="moz-signature"><br>
        Robert Oldham<br>
        <hr width="30%" align="left">
         Oldham Technology<br>
         W: 801-877-2190 x801<br>
         E: <a class="moz-txt-link-abbreviated" href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a><br>
         <a class="moz-txt-link-freetext" href="http://www.oldhamtechnology.com">http://www.oldhamtechnology.com</a><br>
        <br>
      </div>
      <br>
      On 01/02/2015 09:23 AM, Robert Oldham wrote:<br>
    </div>
    <blockquote cite="mid:54A6C5EF.3090006@oldhamtechnology.com"
      type="cite">
      <meta content="text/html; charset=windows-1252"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">I'll check that. I'll grab a packet
        capture within the local network and see if those packets are
        making it back.<br>
        <br>
        If it is a NAT problem, it is a little confusing that the other
        phones are getting theirs on the same network behind the same
        NAT. <br>
        <div class="moz-signature"><br>
          Thanks,<br>
          Robert Oldham
          <hr width="40%" align="left">  Oldham Technology<br>
           W: 801-877-2190 x801<br>
           E: <a moz-do-not-send="true"
            class="moz-txt-link-abbreviated"
            href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a><br>
           <a moz-do-not-send="true" class="moz-txt-link-freetext"
            href="http://www.oldhamtechnology.com">http://www.oldhamtechnology.com</a><br>
          <br>
          <br>
          On 01/02/2015 12:13 AM, Stefan Kainz wrote:<br>
        </div>
      </div>
      <blockquote
        cite="mid:E867A280-D8E1-4771-BB75-1BA4BB72562B@1012.at"
        type="cite">
        <meta http-equiv="content-type" content="text/html;
          charset=windows-1252">
        <div>Hello, </div>
        <div><br>
        </div>
        <div>This is most likely a nat problem. </div>
        <div>The spa is not getting the unauthorized response. </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Regards,<br>
        </div>
        <div><br>
          On 02 Jan 2015, at 08:02, Robert Oldham &lt;<a
            moz-do-not-send="true"
            href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a>&gt;

          wrote:<br>
          <br>
        </div>
        <blockquote type="cite">
          <div>1. Tenant domain is a valid domain that resolves to an IP
            address. Using the domain, the Cisco spa 112 contacts the
            server with the registration request.<br>
            2. The tenant domain is 27 characters.<br>
            3. The Cisco spa 112 is using the domain name and not the IP
            address of the server.<br>
            <br>
            I am only getting 401 answers, no 403s. This is what is
            confusing me: I am struggling to understand why the device
            will not send the authentication.<br>
            <br>
            Thank you,<br>
            Robert<br>
            <br>
            <br>
            <div class="gmail_quote">On January 1, 2015 8:50:30 PM MST,
              Luis Daniel Lucio Quiroz &lt;<a moz-do-not-send="true"
                href="mailto:luis.daniel.lucio@gmail.com">luis.daniel.lucio@gmail.com</a>&gt;

              wrote:
              <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
                0.8ex; border-left: 1px solid rgb(204, 204, 204);
                padding-left: 1ex;">
                <pre class="k9mail">Check this in this order:

1. tenant domain must resolve to a IP or you must use Proxy settings
in your phone
2. your tenant domain must not exceed 63 characteers (DNS restriction)
3. registar setting on your phone must be using the tenant domain, not the IP


if you only get 401 answers, that means you are not sending the authentication
if you get 403 answers, means you are sending wrong authentication
</pre>
              </blockquote>
            </div>
          </div>
        </blockquote>
        <blockquote type="cite">
          <div><span>_________________________________________________________________________</span><br>
            <span>Professional FreeSWITCH Consulting Services: </span><br>
            <span><a moz-do-not-send="true"
                href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br>
            <span></span><br>
            <span>Official FreeSWITCH Sites</span><br>
            <span><a moz-do-not-send="true"
                href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://www.cluecon.com">http://www.cluecon.com</a></span><br>
            <span></span><br>
            <span>FreeSWITCH-users mailing list</span><br>
            <span><a moz-do-not-send="true"
                href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br>
            <span>UNSUBSCRIBE:<a moz-do-not-send="true"
                class="moz-txt-link-freetext" href="http://">http://</a><a
                moz-do-not-send="true"
                href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div>
        </blockquote>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services: 
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>

Official FreeSWITCH Sites
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services: 
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>

Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
    </blockquote>
    <br>
  </body>
</html>