AudioCodes Mediant 1000B User Manual page 636

Media Gateway & Enterprise Session Border Controller (E-SBC)

The Classification table is used to classify incoming SIP dialog requests only if the
following classification stages fail:

1. Classification Stage 1 - Based on User Registration Database: The device
   searches its user registration database to check whether the incoming SIP dialog
   arrived from a registered user. The device searches the database for a user that
   matches the address-of-record (AOR) and Contact of the incoming SIP message:
   - Compares the SIP Contact header to the contact value of the user in the
     database.
   - Compares the URL in the SIP P-Asserted-Identity/From header to the registered
     address-of-record (AOR) in the database.
   If the device finds a matching registered user, it classifies the user to the IP Group
   associated with the user in the database. If this classification stage fails, the device
   proceeds to classification based on Proxy Set.

2. Classification Stage 2 - Based on Proxy Set: If the database search fails, the
   device performs classification based on Proxy Set. This classification is applicable
   only to Server-type IP Groups and is done only if classification based on Proxy Set is
   enabled (see the 'Classify By Proxy Set' parameter in the IP Group table in
   'Configuring IP Groups' on page 336). The device checks whether the incoming
   INVITE's IP address (if host name, then according to the dynamically resolved IP
   address list) is configured for a Proxy Set (in the Proxy Set table). If such a Proxy Set
   exists, the device classifies the INVITE to the IP Group that is associated with the
   Proxy Set. The Proxy Set is assigned to the IP Group in the IP Group table.
   If classification based on Proxy Set fails (or classification based on Proxy Set is
   disabled), the device proceeds to classification based on the Classification table.

Note:
- For security, it is recommended to classify SIP dialogs based on Proxy Set only if
  the IP address of the Server-type IP Group is unknown, in other words, if the
  Proxy Set associated with the IP Group is configured with an FQDN. In such
  cases, the device classifies incoming SIP dialogs to the IP Group based on the
  DNS-resolved IP address. If the IP address is known, it is recommended to use a
  Classification rule instead (and disable the Classify by Proxy Set feature), where
  the rule is configured with not only the IP address, but also with SIP message
  characteristics to increase the strictness of the classification process. The reason
  for preferring classification based on Proxy Set when the IP address is unknown is
  that IP address forgery (commonly known as IP spoofing) is more difficult than
  malicious SIP message tampering and therefore, using a Classification rule
  without an IP address offers a weaker form of security. When classification is
  based on Proxy Set, the Classification table for the specific IP Group is ignored.
- If multiple IP Groups are associated with the same Proxy Set, use Classification
  rules to classify the incoming dialogs to the IP Groups (do not use the Classify by
  Proxy Set feature).
- The device saves incoming SIP REGISTER messages in its registration database.
  If the REGISTER message is received from a User-type IP Group, the device
  sends the message to the configured destination.
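
The Note's recommendations expressed as a configuration check, as an added example that is not AudioCodes code: the dictionary keys, finding names and sample values are hypothetical and do not correspond to the device's parameter names. It assumes Proxy Set addresses are written as IPv4[:port], bare IPv6 or FQDN[:port].

```python
import ipaddress
from collections import defaultdict

def is_ip_literal(addr):
    """True if a Proxy Set address is an IP literal (optionally with :port), not an FQDN."""
    host = addr.split(":")[0] if addr.count(":") == 1 else addr  # drop a trailing :port
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(ip_groups, proxy_sets, rules):
    """Return (finding, object) pairs for settings the Note advises against."""
    findings = []
    assoc, enabled = defaultdict(list), set()
    for g in ip_groups:
        if g["proxy_set"]:
            assoc[g["proxy_set"]].append(g["name"])
            if g["type"] == "Server" and g["classify_by_proxy_set"]:
                enabled.add(g["proxy_set"])
    for ps in sorted(enabled):
        if len(assoc[ps]) > 1:               # several IP Groups share this Proxy Set
            findings.append(("SHARED_PROXY_SET", ps))
        if all(is_ip_literal(a) for a in proxy_sets[ps]):  # address known: use a rule
            findings.append(("KNOWN_IP_USE_RULE", ps))
    for r in rules:
        if not r["src_ip"]:                  # rule relies on SIP fields alone
            findings.append(("RULE_WITHOUT_IP", r["name"]))
        elif not r["sip_match"]:             # IP only, no SIP message characteristics
            findings.append(("RULE_IP_ONLY", r["name"]))
    return findings

# Constructed sample configuration (hypothetical names and addresses)
IP_GROUPS = [
    {"name": "ITSP-A", "type": "Server", "proxy_set": "ps-itsp", "classify_by_proxy_set": True},
    {"name": "ITSP-B", "type": "Server", "proxy_set": "ps-itsp", "classify_by_proxy_set": False},
    {"name": "PBX", "type": "Server", "proxy_set": "ps-pbx", "classify_by_proxy_set": True},
    {"name": "Cloud", "type": "Server", "proxy_set": "ps-cloud", "classify_by_proxy_set": True},
]
PROXY_SETS = {"ps-itsp": ["sip.itsp.example"], "ps-pbx": ["192.0.2.10:5060"], "ps-cloud": ["sbc.cloud.example"]}
RULES = [
    {"name": "pbx-strict", "src_ip": "192.0.2.10", "sip_match": {"dst_host": "sbc.example"}},
    {"name": "by-host-only", "src_ip": None, "sip_match": {"src_host": "pbx.example"}},
    {"name": "ip-only", "src_ip": "192.0.2.11", "sip_match": {}},
]

if __name__ == "__main__":
    for finding in audit(IP_GROUPS, PROXY_SETS, RULES):
        print(finding)
```

The "Cloud" IP Group produces no finding because its Proxy Set is an FQDN used by a single IP Group, which is the case the Note reserves for classification by Proxy Set.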
User's Manual
Mediant 1000B Gateway and E-SBC
636
Document #: LTRT-27044
