The Adtran community holiday season is starting next week! The holiday period will span from December 21, 2024 to January 6, 2025. During this time, responses to feedback form submissions may be delayed. If you are encountering product issues, you can reach out to Adtran support at any time.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sharpy
New Contributor

TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required

TA-908e is trying to establish a call through a Genband SBC.

The trunk is configured to authenticate, which it does (although it is still not responding to Options keep-alives (see How to get TA-908e to respond to OPTIONS request), we have turned that off in the SBC for it to allow the trunk to come up.

What the SBC is now requiring after all that is for the TA to authenticate on every call. When calls are sent from the TA to the SBC, the SBC responds with:

"SIP 407 Proxy Authentication Required"

In short, it wants the call to use the same credentials the trunk is already successfully using to authenticate during Registration.

But the INVITE call dialog is responding with:

Authentication Scheme: Digest

            Username: ""

            Realm: "Realm"

It is not using the trunk's credentials and leaving the Username blank.

Full packet is as follows:

Frame 158: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface 0

    Interface id: 0 (em1)

        Interface name: em1

    Encapsulation type: Ethernet (1)

    Arrival Time: Nov  9, 2017 10:28:26.173158499 Central Standard Time

    [Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1510244906.173158499 seconds

    [Time delta from previous captured frame: 0.003808057 seconds]

    [Time delta from previous displayed frame: 0.003808057 seconds]

    [Time since reference or first frame: 18.448503352 seconds]

    Frame Number: 158

    Frame Length: 1242 bytes (9936 bits)

    Capture Length: 1242 bytes (9936 bits)

    [Frame is marked: False]

    [Frame is ignored: False]

    [Protocols in frame: eth:ethertype:ip:udp:sip:sdp]

    [Coloring Rule Name: UDP]

    [Coloring Rule String: udp]

Ethernet II, Src: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9), Dst: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)

    Destination: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)

        Address: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

    Source: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9)

        Address: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9)

        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

    Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 172.16.37.166, Dst: 146.6.54.154

    0100 .... = Version: 4

    .... 0101 = Header Length: 20 bytes (5)

    Differentiated Services Field: 0x68 (DSCP: AF31, ECN: Not-ECT)

        0110 10.. = Differentiated Services Codepoint: Assured Forwarding 31 (26)

        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)

    Total Length: 1228

    Identification: 0x5c17 (23575)

    Flags: 0x00

        0... .... = Reserved bit: Not set

        .0.. .... = Don't fragment: Not set

        ..0. .... = More fragments: Not set

    Fragment offset: 0

    Time to live: 252

    Protocol: UDP (17)

    Header checksum: 0xc34a [validation disabled]

    [Header checksum status: Unverified]

    Source: 172.16.37.166

    Destination: 146.6.54.154

    [Source GeoIP: Unknown]

    [Destination GeoIP: Unknown]

User Datagram Protocol, Src Port: 5060, Dst Port: 5060

    Source Port: 5060

    Destination Port: 5060

    Length: 1208

    Checksum: 0x438a [unverified]

    [Checksum Status: Unverified]

    [Stream index: 10]

Session Initiation Protocol (INVITE)

    Request-Line: INVITE sip:95125553215@sippbx.mylab.net:5060 SIP/2.0

        Method: INVITE

        Request-URI: sip:95125553215@sippbx.mylab.net:5060

            Request-URI User Part: 95125553215

            Request-URI Host Part: sippbx.mylab.net

            Request-URI Host Port: 5060

        [Resent Packet: False]

    Message Header

        From: <sip:5125554942@sippbx.mylab.net:5060;transport=UDP>;tag=5283228-7f000001-13c4-236416-1d5c8e8a-236416

            SIP from address: sip:5125554942@sippbx.mylab.net:5060;transport=UDP

                SIP from address User Part: 5125554942

                SIP from address Host Part: sippbx.mylab.net

                SIP from address Host Port: 5060

                SIP From URI parameter: transport=UDP

            SIP from tag: 5283228-7f000001-13c4-236416-1d5c8e8a-236416

        To: <sip:95125553215@sippbx.mylab.net:5060>

            SIP to address: sip:95125553215@sippbx.mylab.net:5060

                SIP to address User Part: 95125553215

                SIP to address Host Part: sippbx.mylab.net

                SIP to address Host Port: 5060

        Call-ID: 52ca490-7f000001-13c4-236416-6d584b03-236416@sippbx.mylab.net

        CSeq: 2 INVITE

            Sequence Number: 2

            Method: INVITE

        Via: SIP/2.0/UDP 172.16.37.166:5060;branch=z9hG4bK-236416-8a3ef7b6-2b14a9ab

            Transport: UDP

            Sent-by Address: 172.16.37.166

            Sent-by port: 5060

            Branch: z9hG4bK-236416-8a3ef7b6-2b14a9ab

        Max-Forwards: 70

        Supported: 100rel,replaces

        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER

        User-Agent: ADTRAN_Total_Access_908e_2nd_Gen/R12.3.3.E

        P-Asserted-Identity: <sip:5125554942@sippbx.mylab.net>

            SIP PAI Address: sip:5125554942@sippbx.mylab.net

                SIP PAI User Part: 5125554942

                SIP PAI Host Part: sippbx.mylab.net

        Contact: <sip:5125554942@172.16.37.166:5060;transport=UDP>

            Contact URI: sip:5125554942@172.16.37.166:5060;transport=UDP

                Contact URI User Part: 5125554942

                Contact URI Host Part: 172.16.37.166

                Contact URI Host Port: 5060

                Contact URI parameter: transport=UDP

         [truncated]Proxy-Authorization: Digest username="",realm="Realm",nonce="MTUxMDIxODI0ODU0OGQxYjJlZjE2ODY5NzcxN2JjYTNiODQxN2Q4N2NlNjEx",uri="sip:95125553215@sippbx.mylab.net:5060",response="022661c2f5e309146adc70998dd30ac1",algorithm=MD5,cn

            Authentication Scheme: Digest

            Username: ""

            Realm: "Realm"

            Nonce Value: "MTUxMDIxODI0ODU0OGQxYjJlZjE2ODY5NzcxN2JjYTNiODQxN2Q4N2NlNjEx"

            Authentication URI: "sip:95125553215@sippbx.mylab.net:5060"

            Digest Authentication Response: "022661c2f5e309146adc70998dd30ac1"

            Algorithm: MD5

            CNonce Value: "8a3ef7b7"

            QOP: auth

            Nonce Count: 00000001

        Content-Type: application/sdp

        Content-Length: 210

    Message Body

        Session Description Protocol

            Session Description Protocol Version (v): 0

            Owner/Creator, Session Id (o): - 1510244905 1 IN IP4 172.16.37.166

                Owner Username: -

                Session ID: 1510244905

                Session Version: 1

                Owner Network Type: IN

                Owner Address Type: IP4

                Owner Address: 172.16.37.166

            Session Name (s): -

            Connection Information (c): IN IP4 172.16.37.166

                Connection Network Type: IN

                Connection Address Type: IP4

                Connection Address: 172.16.37.166

            Time Description, active time (t): 0 0

                Session Start Time: 0

                Session Stop Time: 0

            Media Description, name and address (m): audio 12018 RTP/AVP 0 101

                Media Type: audio

                Media Port: 12018

                Media Protocol: RTP/AVP

                Media Format: ITU-T G.711 PCMU

                Media Format: DynamicRTP-Type-101

            Media Attribute (a): silenceSupp:off - - - -

                Media Attribute Fieldname: silenceSupp

                Media Attribute Value: off - - - -

            Media Attribute (a): rtpmap:0 PCMU/8000

                Media Attribute Fieldname: rtpmap

                Media Format: 0

                MIME Type: PCMU

                Sample Rate: 8000

            Media Attribute (a): rtpmap:101 telephone-event/8000

                Media Attribute Fieldname: rtpmap

                Media Format: 101

                MIME Type: telephone-event

                Sample Rate: 8000

            Media Attribute (a): fmtp:101 0-15

                Media Attribute Fieldname: fmtp

                Media Format: 101 [telephone-event]

                Media format specific parameters: 0-15

Any ideas on what to set in the TA to correct this?

Labels (1)
Tags (1)
0 Kudos
2 Replies
shambler
New Contributor II

Re: TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required

On the Genband SBC Voice trunk, do you have  authentication username XXXXX password XXXX defined?

Would you be able to share the Voice Trunk configuration for the Genband SBC trunk?

Anonymous
Not applicable

Re: TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required

Sorry, I saw this post and I had similar problem encountered in NV6310. The SIP server require every invite received to be authenticated again despite the user had already registered to the sip trunk. The server sent a 401 Unauthorized with the nounce for the sip trunk to use to encrypt  the username and password but the username is blank, resulting a failure in authentication. Below is the trace captured at the server end:

09:03:10.270 SIP.MSG INVITE RSP TX p0282451972 0434284871

SIP/2.0 401 Unauthorized

From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662

To: <sip:0434284871@abcde.com.au:5060>;tag=1946247272-1518044590200

Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@abcde.com.au

CSeq: 1 INVITE

Via: SIP/2.0/UDP 10.0.7.62:5060;branch=z9hG4bK-161662-56476f3a-7d1a466a

WWW-Authenticate: Digest realm="abcde.com.au",nonce="BroadWorksXjddojybcTd4x2aqBW",algorithm=MD5,qop="auth"

Content-Length: 0

09:03:10.308 SIP.MSG INVITE REQ RX p0282451972 0434284871

INVITE sip:0434284871@abcde.com.au:5060 SIP/2.0

From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662

To: <sip:0434284871@abcde.com.au:5060>

Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@snowyhydro.com.au

CSeq: 2 INVITE

Via: SIP/2.0/UDP 10.0.7.62:5060;branch=z9hG4bK-161662-56476fc7-34cc933b

Max-Forwards: 70

Supported: 100rel

Supported: replaces

User-Agent: ADTRAN_Netvanta_6310_2nd_Gen/R12.3.3.E

Allow: ACK,BYE,CANCEL,INFO,INVITE,NOTIFY,OPTIONS,PRACK,REFER,REGISTER

Contact: <sip:p0282451972@10.0.7.62:5060;transport=UDP>

Authorization: Digest username="",realm="sbcde.com.au",nonce="BroadWorksXjddojybcTd4x2aqBW",uri="sip:0434284871@abcde.com.au:5060",response="3891233ec754b9051a411827b1fa535b",algorithm=MD5,cnonce="56476fc8",qop=auth,nc=00000001

Content-Type: application/sdp

Content-Length: 273

Packet below is “403 Authentication Failure”

09:03:10.408 SIP.MSG INVITE RSP RX p0282451972 0434284871

SIP/2.0 403 Authentication Failure

From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662

To: <sip:0434284871@abcde.com.au:5060>;tag=90043862-1518044590329

Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@snowyhydro.com.au

CSeq: 2 INVITE

Via: SIP/2.0/UDP 10.238.99.3:5060;branch=z9hG4bK-161662-56476fc7-34cc933b

Content-Length: 0

Below is the voice trunk configuration:

syNV6310#sho run voice trunk

Building configuration...

!

!

voice trunk T01 type sip

  sip-server primary sbc-nsw.nipt.telstra.com

  registrar primary sbc-nsw.nipt.telstra.com

  registrar expire-time 600

  conferencing-uri "t"

  domain "abcde.com.au"

  dial-string source to

  hmr Change_Called_Number in

  hmr ChangeCaller out

  register p0292781814 auth-name "p0292781814" password "P@ssword12g"

  register p0292781821 auth-name "p0292781821" password "P@ssword12h"

  register p0292781823 auth-name "p0292781823" password "P@ssword12i"

  register p0292781824 auth-name "p0292781824" password "P@ssword12j"

  register p0292781825 auth-name "p0292781825" password "P@ssword12k"

  register p0282451972 auth-name "p0292781812" password "P@ssword12e"

  register p0282451973 auth-name "p0292781813" password "P@ssword12f"

  trust-domain

  codec-list g711_g729 both

  grammar request-uri host domain

  grammar from host domain

  grammar to host domain

!

voice trunk T02 type isdn

  description "ISDN"

  resource-selection linear ascending

  connect isdn-group 1

  no early-cut-through

  rtp delay-mode adaptive

  codec-list SIP

!

end

syNV6310#

Appreciate your advice on how to resolve this problem. The NV6310 is running with R12.3.3.E.