Summary:ASTERISK-19092: cisco phone 79xx can't register
Reporter:Ludovic LEVET (llevet)Labels:
Date Opened:2011-12-21 12:10:16.000-0600Date Closed:2011-12-22 08:54:14.000-0600
Status:Closed/CompleteComponents:. I did not set the category correctly.
Versions:11.25.3 Frequency of
Description:Config change of sip.conf related to AST-2011-013 nat=yes.
Now cisco phone 79xx are not enable to register.

The key issue with these phones and asterisk is that they WILL NOT WORK if you have nat=yes anywhere in your sip definition for that phone. This is because the Cisco 79×x phones send their SIP traffic from a very high source port, however they will only accept responses from port 5060 (or whatever you've defined in the .cnf.xml file). Asterisk, however, will try to send it's responses back on the source port that traffic arrived on if nat=yes is set.
Comments:By: Paul Belanger (pabelanger) 2011-12-21 14:30:10.140-0600

Sounds like we need to document this, and have Cisco fix the problem?

By: Terry Wilson (twilson) 2011-12-21 14:35:40.322-0600

Just set nat=no in general if the change is a problem for you. It is documented that if your phone doesn't work with nat=no, you will no longer be able to rely on the default setting.

By: Ludovic LEVET (llevet) 2011-12-21 14:54:13.185-0600

Yes, putting global nat=no is working, but it must be documented as WARNING !.
The latest version of SIP firmware is 8.12, and the problem is the same.


By: Matt Jordan (mjordan) 2011-12-22 08:54:14.130-0600

I'm closing this as not a bug for the following reasons:

1. Asterisk is behaving exactly as its supposed to in the present of the nat settings, as documented in sip.conf.
2. Issue a blind WARNING on a peer has no use outside of the Cisco phone.  WARNINGs are not intended to convey configuration information.
3. The conversations on the mailing lists (asterisk-dev and asterisk-users) have already explored the different NAT settings, their effects, and what we feel, in the presence of the security vulnerability documented in AST-2011-013, the default settings should be.  Revisiting this again in JIRA is not the appropriate forum.

The correct forum for notifying the user community of limitations with the Cisco phones in the presence of the default NAT settings should be the asterisk-users mailing list.