Help! - Cisco PIX - breaks SIP Digest authentication

Discussion in 'VOIP' started by Mike Bromwich, Oct 3, 2004.

  1. Hi

    I have a SIP proxy server behind a Cisco PIX box, and need external
    UAs to be able to place calls through it. Since the SIP proxy handles
    the required address translations, I do not need the PIX to do any
    fixup. I have therefore disabled the fixup in the configuration file.

    However, the PIX is still insisting on replacing the IP address in the
    URI part of the digest authentication header. Since the URI forms part
    of the data over which the MD5 digest is calculated, this in turn
    invalidates the authentication response and authentication fails.

    If I connect the proxy directly to the internet (i.e. bypass the PIX),
    then the authentication works fine.

    Is there any way to stop the PIX interferring here? It appears that
    there is no way to disable the SIP fixup for UDP-encapsulated SIP - I
    found this on the Cisco site...

    'Application inspection of UDP for SIP is always enabled—it is
    currently not configurable.'

    If this is the case, how can digest authentication for SIP ever work
    through a PIX?

    Mike
    Mike Bromwich, Oct 3, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tejlor
    Replies:
    2
    Views:
    2,278
    tejlor
    Nov 25, 2003
  2. EJ
    Replies:
    0
    Views:
    456
  3. Replies:
    1
    Views:
    753
    ipacl
    Dec 13, 2006
  4. Replies:
    0
    Views:
    531
  5. Replies:
    0
    Views:
    499
Loading...

Share This Page