Share this page : facebooktwitterlinkedinmailfacebooktwitterlinkedinmail
Sip registration proxy

 

End-to-End Mode

In the end-to-end mode, Cisco UBE collects the registrar details from the Uniform Resource Identifier (URI) and passes the registration messages to the registrar. The registration information contains the expiry time for rate-limiting, the challenge information from the registrar, and the challenge response from the user.
Cisco UBE also passes the challenge to the user if the register request is challenged by the registrar. The registrar sends the 401 or 407 message to the user requesting for user credentials. This process is known as challenge.
Cisco UBE ignores the local registrar and authentication configuration in the end-to-end mode. It passes the authorization headers to the registrar without the header configuration.

End-to-End Mode–Call Flows

This section explains the following end-to-end pass-through mode call flows:

Register Success Scenario.

The figure below shows an end-to-end registration pass-through scenario where the registration request is successful.

The register success scenario for the end-to end registration pass-through mode is as follows:

  1. The user sends the register request to Cisco UBE.
  2. Cisco UBE matches the request with a dial peer and forwards the request to the registrar.
  3. Cisco UBE receives a success response message (200 OK message) from the registrar and forwards the message to the endpoint (user).
  4. The registrar details and expiry value are passed to the user.

Registrar Challenging the Register Request Scenario.

The figure below shows an end-to end registration pass-through scenario where the registrar challenges the register request.

 

The following scenario explains how the registrar challenges the register request:

  1. The user sends the register request to Cisco UBE.
  2. Cisco UBE matches the register request with a dial peer and forwards it to the registrar.
  3. The registrar challenges the register request.
  4. Cisco UBE passes the registrar response and the challenge request, only if the registrar challenges the request to the user.
  5. The user sends the register request and the challenge response to the Cisco UBE.
  6. Cisco UBE forwards the response to the registrar.
  7. Cisco UBE receives success message (200 OK message) from the registrar and forwards it to the user.

 

Peer-to-Peer Mode

 

In the peer-to-peer registration pass-through mode, the outgoing register request uses the registrar details from the local Cisco UBE configuration. Cisco UBE answers the challenges received from the registrar using the configurable authentication information. Cisco UBE can also challenge the incoming register requests and authenticate the requests before forwarding them to the network.

In this mode, Cisco UBE sends a register request to the registrar and also handles register request challenges. That is, if the registration request is challenged by the registrar (registrar sends 401 or 407 message), Cisco UBE forwards the challenge to the user and then passes the challenge response sent by the user to the registrar.

In the peer-to-peer mode, Cisco UBE can use the authentication command to calculate the authorization header and then challenge the user depending on the configuration.

Note The registrar command must be configured in peer-to-peer mode. Otherwise, the register request is rejected with the 503 response message.

Peer-to-Peer Mode–Call Flows
This section explains the following peer-to-peer pass-through mode call flows:

Register Success Scenario

The figure below shows a peer-to-peer registration pass-through scenario where the registration request is successful.

The register success scenario for a peer-to-peer registration pass-through mode is as follows:

  1. The user sends the register request to Cisco UBE.
  2. Cisco UBE matches the register request with a dial peer and forwards the register request to the registrar.
  3. Cisco UBE receives a success message (200 OK message) from the registrar and forwards it to the endpoint (user). The following functions are performed:
    • Cisco UBE picks up the details about the registrar from the configuration.
    • Cisco UBE passes the registrar details and expiry value to the user.

Registrar Challenging the Register Request Scenario.

The figure below shows a peer-to-peer registration pass-through scenario where the registration request is challenged by the registrar.

 

The following scenario explains how the registrar challenges the register request:

  1. The user sends the register request to Cisco UBE.
  2. Cisco UBE matches the register request with a dial peer and forwards the register request to the registrar.
  3. The user responds to the challenge request.
  4. Cisco UBE validates the challenge response and forwards the register request to the registrar.
  5. Cisco UBE receives a success message from the registrar and forwards it to the endpoint (user).

 

Note You can configure Cisco UBE to challenge the register request and validate the challenge response.

Enabling Local SIP Registrar

Perform this task to enable the local SIP registrar.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    voice service voip

4.    sip

5.    registrar server [expires [max value] [min value]]

Configuring SIP Registration at the Global Level
Perform this task to configure the support for the SIP registration proxy on the Cisco UBE at the global level.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    voice service voip

4.    sip

5.    registration passthrough [static] [rate-limit [expires value] [fail-count value]] [registrar-index [index]]

6.    end

DETAILED STEPS

Step 1               
enable
Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2
configure terminalExample:

Device# configure terminal

Enters global configuration mode.
Step 3
voice service voipExample:

Device(config)# voice service voip

Enters voice-service configuration mode.
Step 4
sipExample:

Device(conf-voi-serv)# sip

Enters service SIP configuration mode.
Step 5
registration passthrough [static] [rate-limit [expires value] [fail-count value]] [registrar-index [index]]Example:

Device(conf-serv-sip)# registration passthrough

Configures the SIP registration pass-through options.

  • You can specify different SIP registration pass-through options using the following keywords:
    • rate-limit–Enables rate-limiting.
    • expires–Configures expiry value for rate-limiting.
    • fail-count–Configures fail count during rate-limiting.
    • registrar-index–Configures a list of registrars to be used for registration.
Step 6
endExample:

Device(conf-serv-sip)# end

Exits service SIP configuration mode and returns to privileged EXEC mode.
Configuring SIP Registration at the Dial Peer Level
Perform this task to configure SIP registration at the dial peer level.

SUMMARY STEPS

1.enable

2.configure terminal

3.dial-peer voice tag {pots | voatm | vofr | voip}

4.voice-class sip registration passthrough static [rate-limit [expires value] [fail-count value] [registrar-index [index]] | registrar-index [index]]

5.exit

DETAILED STEPS

Step 1                                                    
enable
Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2
configure terminalExample:

Device# configure terminal

 Enters global configuration mode.
Step 3
dial-peer voice tag {pots | voatm | vofr | voip}Example:

Device(config)# dial-peer voice 444 voip

 Enters dial peer voice configuration mode.
Step 4
voice-class sip registration passthrough static [rate-limit [expires value] [fail-count value] [registrar-index [index]] | registrar-index [index]]Example:

Device(config-dial-peer)# voice-class sip registration passthrough static

Configure SIP registration pass-through options on a dial peer on a dial peer.

  • You can specify different SIP registration pass-through options using the following keywords:
    • rate-limit–Enables rate-limiting.
    • expires–Configures expiry value for rate-limiting.
    • fail-count–Configures fail count during rate-limiting.
    • registrar-index–Configures a list of registrars to be used for registration.

 

 

 

 

 

Configuring Cisco UBE to Challenge Incoming Requests

Perform this task to configure Cisco UBE to challenge incoming requests.

You can configure Cisco UBE to challenge an incoming request. That is, you can configure Cisco UBE to send the 401 or 407 message to the caller requesting for credentials. Based on the information received, Cisco UBE authenticates the request. The configuration also enables Cisco UBE to pass the credentials provided by the user to the registrar if the registrar has challenged the request. In this way you can simulate a Service provider.

SUMMARY STEPS

1.enable

2.configure terminal

3.dial-peer voice tag {pots | voatm | vofr | voip}

4.authentication username username password [0 | 7password [realm realm [challenge]]

DETAILED STEPS

Step 1
enable 
Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2
configure terminal
Example:

Device# configure terminal

Enters global configuration mode.
Step 3
dial-peer voice tag {pots | voatm | vofr | voip}
Example:

Device(config)# dial-peer voice 444 voip

Enters dial peer voice configuration mode.
Step 4
authentication username username password [0 | 7password [realm realm [challenge]]
Example:

Device(config-dial-peer)# authentication username user1 password 7 password1 realm MyRealm.example.com challenge

Configures Cisco UBE to challenge the incoming registration request.

 

SIP trunk registration

 

Enabling the Outbound Proxy for Reuse
The existing enabling the outbound proxy CLI would be extended to turn on/off using the resolved IP address and port for a successful registration to all the subsequent outbound INVITE/REGISTER.

SUMMARY STEPS

1.enable

2.configure terminal

3.voice service voip

4.sip

5.outbound-proxy dns:host:domain reuse

 

SIP trunk registration Trace

 

End-to-end mode example:

REGISTER sip:sip.melbournetelecom.com.au:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.5.254:5060;branch=z9hG4bK011E5

From: <sip:[email protected]>;tag=3AC74-DF7

To: <sip:[email protected]>

Date: Mon, 16 Sep 2019 19:51:31 GMT

Call-ID: BFC0B995-D7F111E9-8002BC33-FDDC6A2F

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1568663491

CSeq: 2 REGISTER

Contact: <sip:[email protected]:5060>

Expires:  3600

Supported: path

Content-Length: 0



*Sep 16 19:51:31.179: //3/000000000000/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 192.168.5.254:5060;branch=z9hG4bK011E5;received=122.105.210.134;rport=60463

From: <sip:[email protected]>;tag=3AC74-DF7

To: <sip:[email protected]>;tag=as033c6dcd

Call-ID: BFC0B995-D7F111E9-8002BC33-FDDC6A2F

CSeq: 2 REGISTER

Server: 2talk PBX

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE

Supported: replaces

WWW-Authenticate: Digest algorithm=MD5, realm="2talk.com.au", nonce="16d1380e"

Content-Length: 0





*Sep 16 19:51:31.199: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

REGISTER sip:sip.melbournetelecom.com.au:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.5.254:5060;branch=z9hG4bK11C0E

From: <sip:[email protected]>;tag=3AC74-DF7

To: <sip:[email protected]>

Date: Mon, 16 Sep 2019 19:51:31 GMT

Call-ID: BFC0B995-D7F111E9-8002BC33-FDDC6A2F

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1568663491

CSeq: 3 REGISTER

Contact: <sip:[email protected]:5060>

Expires: 3600

Authorization: Digest username="61000000000",realm="2talk.com.au",uri="sip:sip.melbournetelecom.com.au:5060",response="9f5170629d229ae6039d584dfaf0d0d3",nonce="16d1380e",algorithm=MD5

Content-Length: 0





*Sep 16 19:51:31.219: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

OPTIONS sip:[email protected]:5060 SIP/2.0

Via: SIP/2.0/UDP 203.57.203.65:5060;branch=z9hG4bK668ca415;rport

Max-Forwards: 70

From: "2talkpbx" <sip:[email protected]>;tag=as7ba42132

To: <sip:[email protected]:5060>

Contact: <sip:[email protected]:5060>

Call-ID: [email protected]

CSeq: 102 OPTIONS

User-Agent: 2talk PBX

Date: Mon, 16 Sep 2019 09:51:31 GMT

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE

Supported: replaces

Content-Length: 0





*Sep 16 19:51:31.267: //4/36C308B98007/SIP/Msg/ccsipDisplayMsg:

Sent:

SIP/2.0 200 OK

Via: SIP/2.0/UDP 203.57.203.65:5060;branch=z9hG4bK668ca415;rport

From: "2talkpbx" <sip:[email protected]>;tag=as7ba42132

To: <sip:[email protected]:5060>;tag=3AD2C-1A77

Date: Mon, 16 Sep 2019 19:51:31 GMT

Call-ID: [email protected]

Server: Cisco-SIPGateway/IOS-12.x

CSeq: 102 OPTIONS

Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER

Allow-Events: telephone-event

Accept: application/sdp

Supported: 100rel,timer,resource-priority,replaces,sdp-anat

Content-Type: application/sdp

Content-Length: 168



v=0

o=CiscoSystemsSIP-GW-UserAgent 8076 7294 IN IP4 192.168.5.254

s=SIP Call

c=IN IP4 192.168.5.254

t=0 0

m=audio 0 RTP/AVP 18 0 8 4 2 15

c=IN IP4 192.168.5.254



*Sep 16 19:51:31.267: //3/000000000000/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 200 OK

Via: SIP/2.0/UDP 192.168.5.254:5060;branch=z9hG4bK11C0E;received=122.105.210.134;rport=60463

From: <sip:[email protected]>;tag=3AC74-DF7

To: <sip:[email protected]>;tag=as033c6dcd

Call-ID: BFC0B995-D7F111E9-8002BC33-FDDC6A2F

CSeq: 3 REGISTER

Server: 2talk PBX

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE

Supported: replaces

Expires: 3600

Contact: <sip:[email protected]:5060>;expires=3600

Date: Mon, 16 Sep 2019 09:51:31 GMT

Content-Length: 0

 

 

Refernce

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_sipsip/configuration/xe-3s/asr1000/cube-sipsip-xe-3s-asr1000-book/voi-sip-trunk-reg.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_sipsip/configuration/xe-3s/asr1000/cube-sipsip-xe-3s-asr1000-book/voi-sip-reg-proxy.html