AudioCodes Mediant 1000B User Manual page 1110
Media gateway & enterprise session border controller (e-sbc)
Hide thumbs
Also See for Mediant 1000B:
- User manual (1281 pages) ,
- Hardware installation manual (92 pages) ,
- Configuration note (52 pages)
Table of Contents
Advertisement
Parameter
Lifetime of the nonce in
seconds
lifetime-of-nonce
[AuthNonceDuration]
Authentication Challenge
Method
auth-chlng-mthd
[AuthChallengeMethod]
Authentication Quality of
Protection
auth-qop
[AuthQOP]
SBC User Registration
Time
sbc-usr-rgstr-time
[SBCUserRegistrationTim
e]
User's Manual
[2] = Authentication is done according to the Draft Sterman-aaa-sip-
01 method.
Note: Currently, option [1] is not supported.
Defines the lifetime (in seconds) that the current nonce is valid for
server-based authentication. The device challenges a message that
attempts to use a server nonce beyond this period. The parameter is
used to provide replay protection (i.e., ensures that old communication
streams are not used in replay attacks).
The valid value range is 30 to 600. The default is 300.
Defines the type of server-based authentication challenge.
[0] 0 = (Default) Send SIP 401 "Unauthorized" with a WWW-
Authenticate header as the authentication challenge response.
[1] 1 = Send SIP 407 "Proxy Authentication Required" with a Proxy-
Authenticate header as the authentication challenge response.
Defines the authentication and integrity level of quality of protection
(QoP) for digest authentication offered to the client. When the device
challenges a SIP request (e.g., INVITE), it sends a SIP 401 response
with the Proxy-Authenticate header or WWW-Authenticate header
containing the 'qop' parameter. The QoP offered in the 401 response
can be 'auth', 'auth-int', both 'auth' and 'auth-int', or the 'qop' parameter
can be omitted from the 401 response. In response to the 401, the client
needs to send the device another INVITE with the MD5 hash of the
INVITE message and indicate the selected auth type.
[0] 0 = The device sends 'qop=auth' in the SIP response, requesting
authentication (i.e., validates user by checking user name and
password). This option does not authenticate the message body
(i.e., SDP).
[1] 1 = The device sends 'qop=auth-int' in the SIP response,
indicating required authentication and authentication with integrity
(e.g., checksum). This option restricts the client to authenticating the
entire SIP message, including the body, if present.
[2] 2 = (Default) The device sends 'qop=auth, auth-int' in the SIP
response, indicating either authentication or integrity. This enables
the client to choose 'auth' or 'auth-int'. If the client chooses 'auth-int',
then the body is included in the authentication. If the client chooses
'auth', then the body is not authenticated.
[3] 3 = No 'qop' parameter is offered in the SIP 401 challenge
message.
Global parameter that defines the duration (in seconds) of the periodic
registrations that occur between the user and the device (the device
responds with this value to the user). You can also configure this
functionality per specific calls, using IP Profiles
(IpProfile_SBCUserRegistrationTime). For a detailed description of the
parameter and for configuring this functionality in the IP Profile table,
see 'Configuring IP Profiles' on page 385.
Note: If this functionality is configured for a specific IP Profile, the
settings of this global parameter is ignored for calls associated with the
IP Profile.
1110
Mediant 1000B Gateway and E- SBC
Description
Document #: LTRT-27044
Advertisement
Table of Contents
