[Freeswitch-users] Polycom IP 335 - 401 Unauthorized .... NAT ISSUE?

Brian Foster bdfoster at endigotech.com
Fri Dec 7 21:54:28 MSK 2012 

Let's do this step by step. First of all, my server is off site. We are
going through a NAT in order to get to FreeSWITCH. Looks like this is the
same setup you have.

I have the same phone as you do:
Phone InformationPhone ModelSoundPoint IP 335Part Number2345-12375-001 Rev:AMAC
Address00:04:F2:37:3D:C0IP Address10.0.0.39UC Software
Version4.0.2.11307BootROM
Software Version5.0.2.12692

Alright so now that we have that squared away, the next step is to set up
the phone.

Settings > SIP

Local Settings:

Local SIP Port: 0
Calls Per Line Key: 4
New SDP Type: Disable
Live Communication Server Support: Disable
Non-Standard Line Seize: Enable
Digitmap: Not relevent
Digitmap Timeout: 3|3|3|3|3|3
Remove End-of-Dial Marker: Enable
Digit Impossible Match: 0

Outbound Proxy:

Address: <Blank>
Port: 0
Transport: DNSnaptr

Server 1:

Address: pbx.endigovoip.com
Port: 0
Transport: DNSnaptr (You shouldn't have issues with UDPonly, might be worth
trying though.
Espires (s): 3600
Register: Yes
Retry Timeout (ms): 0
Retry Maximum Count: 3
Line Seize Timeout: 30

I do not have a second server.

Settings > Network > NAT

NAT
*** IP Address*** Signalling Port*** Media Port StartKeep-Alive Interval (s)

Settings > Lines

 *Identification*
Display NameAddressAuthentication User IDAuthentication PasswordLabelType
Private  SharedThird Party NameNumber of Line KeysCalls Per LineRing TypeLow
TrillLow Double TrillMedium TrillMedium Double TrillHigh TrillHigh Double
TrillHighest TrillHighest Double TrillBeebleTripletRingback-styleLow Trill
PrecedenceRing Splash

 *Outbound Proxy*
AddressPortTransport                   UDPOnly
TCPpreferred                   DNSnaptr                   TCPonly
          TLS

 *Server 1*
AddressPortTransport                   UDPOnly
TCPpreferred                   DNSnaptr                   TCPonly
          TLS                 Expires (s)Register Yes  NoRetry Timeout
(ms)Retry
Maximum CountLine Seize Timeout (s)

 *Server 2*
AddressPortTransport                   UDPOnly
TCPpreferred                   DNSnaptr                   TCPonly
          TLS                 Expires (s)Register Yes  NoRetry Timeout
(ms)Retry
Maximum CountLine Seize Timeout (s)

 *Call Diversion*
*** Always Forward Enable  Disable*** Always Forward To Contact*** If Busy,
Forward Enable  Disable*** If Busy, Forward To Contact*** On No Answer,
Forward Enable  Disable*** On No Answer, Forward To Contact*** No Answer
Timeout (seconds)*** On Do Not Disturb, Forward Enable  Disable*** On Do
Not Disturb, Forward To Contact*** Disable Forward For Shared Lines Yes  No*
** Forward Specific Caller Enable  Disable

 *Message Center*
Subscription AddressCallback Mode                   Registration
       Contact                   Disabled                 Callback Contact


Check those and let us know where you stand after that.

-BDF

On Fri, Dec 7, 2012 at 1:20 PM, Steven Ayre <steveayre at gmail.com> wrote:

> Try this parameter:
> http://wiki.freeswitch.org/wiki/NDLB#NDLB-force-rport
>
> or if that fails
> http://wiki.freeswitch.org/wiki/NDLB#NDLB-connectile-dysfunction
>
>
> On 7 December 2012 16:39, Sean Devoy <sdevoy at bizfocused.com> wrote:
>
>> HI All,****
>>
>> ** **
>>
>> I am still banging my head against the wall here try to get a Polycom 335
>> to register w/ FS.  I have checked all the SERVER and USER/AUTH fields like
>> 1000 times and 900 variations.  I think my problem may be NAT related.  I
>> know on my CISCO 504G I had to enable several NAT features to work behind
>> our firewall.  I am totally new to Polycom, so some very basic help is
>> needed.****
>>
>> ** **
>>
>> The server is remote but not behind a NAT there.  The phones are NAT’ed
>> to the internet.  In the sofia sip trace I see this over and over:****
>>
>>
>> ------------------------------------------------------------------------*
>> ***
>>
>> recv 552 bytes from udp/[71.127.152.57]:1026 at 16:26:07.358892:****
>>
>>
>> ------------------------------------------------------------------------*
>> ***
>>
>>    REGISTER sip:fs_bfis.bizfocused.com SIP/2.0****
>>
>>    Via: SIP/2.0/UDP 10.10.40.47:5060;branch=z9hG4bKbf81dbdc8E687A5****
>>
>>    From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com>;tag=3F42C046-B61A297
>> ****
>>
>>    To: <sip:228 at fs_bfis.bizfocused.com>****
>>
>>    CSeq: 1 REGISTER****
>>
>>    Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47****
>>
>>    Contact: <sip:228 at 10.10.40.47:5060>;methods="INVITE, ACK, BYE,
>> CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"*
>> ***
>>
>>    User-Agent: PolycomSoundPointIP-SPIP_335-UA/3.3.3.0069****
>>
>>    Accept-Language: en****
>>
>>    Max-Forwards: 70****
>>
>>    Expires: 600****
>>
>>    Content-Length: 0****
>>
>> ** **
>>
>>
>> ------------------------------------------------------------------------*
>> ***
>>
>> send 710 bytes to udp/[71.127.152.57]:5060 at 16:26:07.359067:****
>>
>>
>> ------------------------------------------------------------------------*
>> ***
>>
>>    SIP/2.0 401 Unauthorized****
>>
>>    Via: SIP/2.0/UDP 10.10.40.47:5060
>> ;branch=z9hG4bKbf81dbdc8E687A5;received=71.127.152.57****
>>
>>   From: "228 Sean" <sip:228 at fs_bfis.bizfocused.com>;tag=3F42C046-B61A297*
>> ***
>>
>>    To: <sip:228 at fs_bfis.bizfocused.com>;tag=t232me1NSD02S****
>>
>>    Call-ID: 2f482c2-2599cc43-1fb1a78 at 10.10.40.47****
>>
>>    CSeq: 1 REGISTER****
>>
>>    User-Agent:
>> FreeSWITCH-mod_sofia/1.2.0-rc2+git~20120712T080314Z~435f28cefb+unclean~20120712T101002Z
>> ****
>>
>>    Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO,
>> REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE****
>>
>>    Supported: precondition, path, replaces****
>>
>>    WWW-Authenticate: Digest realm="fs_bfis.bizfocused.com",
>> nonce="b9583359-0163-4bf2-9818-788f64c34207", algorithm=MD5, qop="auth"**
>> **
>>
>>    Content-Length: 0****
>>
>> ****
>>
>> If I understand correctly, the server should be sending back this 401
>> message with the nonce so the phone can re-attempt the registration with an
>> encrypted password.  If NAT is failing, the phone is never seeing the 401
>> w/ the nonce.****
>>
>> ** **
>>
>> So what do I do in the WEB config interface to enable NAT on this phone?*
>> ***
>>
>> ** **
>>
>> Thanks,****
>>
>> Sean ****
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Brian D. Foster
Endigo Computer LLC
Email: bdfoster at endigotech.com
Phone: 317-800-7876
Indianapolis, Indiana, USA

This message contains confidential information and is intended for those
listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of
this information is strictly prohibited. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The sender therefore does not accept liability for any errors or omissions
in the contents of this message, which arise as a result of e-mail
transmission. If verification is required please request a hard-copy
version.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121207/79ef1673/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list