Ext 5222 on
PBX1 Cisco CUCM9.1 (10.10.10.220)
SIP Trunked to
PBX2 FreePBX 2.11 (10.10.10.71)
Ext 6203 and 6204
On PBX1 (CUCM) the ext 5222 has been set to forward all calls to ext 6204
Only one calling scenarios does not work - if a user on PBX2, such as 6203, calls ext 5222, the forwarded call goes to PBX1, an invite comes back to PBX2, but is being rejected as unauthorized.
All other scenarios do work, other PBX1 users can call 5222 and gets to 6204 just fine, even calls trunked from other locations to PBX1.
I tried a lot of stuff, allowing guest and anonymous and reinvites and such, but I can’t grasp exactly why this call is being rejected.
The trunk is “from-trunk” and the user is default (from-internal I think). The weird part is that it seems to work if I add another pbx inbetween, like if it proxies from one trunk to another inbetween it is allowed.
Here is a log with SIP Debug of the denied call routing:
As a new user I dont have right to post a link - so it has been doconstructed, I didnt see any way to attach a log file either(?) - so add the http colon slash slash in front and remove spaces: stokkeland.net /jts/voip/?showme=le0d9uikfd90dick33ejd3
(6203 calls 5222, hits the trunk, comes back for 6204, unauthorized)
I also tried setting “From-internal” on the trunk to see if it was just a context issue, but that didnt fix it.
So, it appears to be something in SIP/Asterisk where if a call fwd comes directly back at you, it is unauthorized - but if it is trunked via another hop and back it works fine… is there any advanced “minimum hop” setting or something?
I am wondering if I need to set up a vanilla asterisk to test this without freepbx to see if its asterisk itself in some fashion.
So I have figured out something here -but unsure how to solve it. I installed plain asterisk and played around a bit.
To re-list the secanario.
BX1/Cisco - Ext 5222 which callfwd set to 6203
PBX2/Fpbx - Ext 6203, ext 6204
From registered ext 6203 I call 5222, the cisco fwds on a new channel back to PBX2 for 6204
but asterisk rejects the call as chan_sip.c:23059 handle_response_invite: Failed to authenticate on INVITE
If I configure sip for 6204 and add insecure=invite
it now starts working
so what I dont get is how come it works if the call is from anywhere else - but if I call from my own pbx and it is fwd right back to me, it fails on that invite? but if it is trunked to another pbx before it comes right back, then it also works…
since setting insecure=invite on every extension is probably not a good idea… I keep trying to figure this out but havent had much luck.
I did find that if I in the CUCM change the trunk setting, outgoing calls, “Calling Party Selection” to anything but “Orignator” it work - that basically changes the from to the redirected number… that is not what we want though, we want the original number as caller id, but for some weird reason if this goes straight to peer and comes right back it fails - if it gets channeled via another peer before coming back it works fine - i do NOT underatand what the difference is in what asterisk is seeing?