AudioCodes Mediant 800B User Manual page 331

User's Manual
Parameter
User Security Mode
block-un-reg-users
[SRD_BlockUnRegUser
s]
Enable Un-
Authenticated
Registrations
enable-un-auth-registrs
[SRD_EnableUnAuthenti
catedRegistrations]
Version 7.2
Defines the blocking (reject) policy for incoming SIP dialog-initiating
requests (e.g., INVITE messages) from registered and unregistered users
belonging to the SRD.

[0] Accept All = (Default) Accepts requests from registered and
unregistered users.

[1] Accept Registered Users = Accepts requests only from users
registered with the device. Requests from users not registered are
rejected.

[2] Accept Registered Users from Same Source = Accepts requests
only from registered users whose source address is the same as that
registered with the device (during the REGISTER message process).
All other requests are rejected. The device verifies whether the IP
address and port are different only if the transport protocol is UDP;
otherwise, the device verifies only the IP address. The verification is
performed before any of the device's call handling processes (i.e.,
Classification, Manipulation and Routing).
Note:

The parameter is applicable only to calls belonging to User-type IP
Groups.

The feature is not applicable to REGISTER requests.

The option, Accept Registered Users from Same Source [2] does not
apply to registration refreshes. These requests are accepted even if the
source address is different to that registered with the device.

When the device rejects a call, it sends a SIP 500 "Server Internal
Error" response to the user. In addition, it reports the rejection (Dialog
establish failure - Classification failure) using the Intrusion Detection
System (IDS) feature (see Configuring IDS Policies on page 171), by
sending an SNMP trap.

When the corresponding parameter in the SIP Interfaces table
(SIPInterface_BlockUnRegUsers) is configured to any value other than
default [-1] for a SIP Interface that is associated with the SRD, the
parameter in the SRDs table is ignored for calls belonging to the SIP
Interface.

The parameter is applicable only to the SBC application.
Enables the device to accept REGISTER requests and register them in its
registration database from new users that have not been authenticated by
a proxy/registrar server (due to proxy down) and thus, re-routed to a User-
type IP Group.
In normal operation scenarios in which the proxy server is available, the
device forwards the REGISTER request to the proxy and if authenticated
by the proxy (i.e., device receives a success response), the device adds
the user to its registration database. The routing to the proxy is according
to the SBC IP-to-IP Routing table where the destination is the proxy's IP
Group. However, when the proxy is unavailable (e.g., due to network
connectivity loss), the device can accept REGISTER requests from new
users if a matching alternative routing rule exists in the SBC IP-to-IP
Routing table where the destination is the user's User-type IP Group (i.e.,
call survivability scenarios) and if the parameter is enabled.

[0] Disable = The device rejects REGISTER requests from new users
that were not authenticated by a proxy server.

[1] Enable = (Default) The device accepts REGISTER requests from
new users even if they were not authenticated by a proxy server, and
331
Description
Mediant 800B Gateway & E-SBC
17. Control Network