Authentication
Trust
policy
On
Do not check
Off
credentials
On
Treat as
Off
authenticated
On
Cisco VCS Administrator Guide (X7.1)
In local domain
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, without further challenge.
The P-Asserted-Identity header is passed
on unchanged (keeping the originator's
asserted ID).
Messages without an existing P-Asserted-
Identity header are challenged. If
authentication passes, the message is
classified as authenticated and a P-
Asserted-Identity header is inserted into the
message. If authentication fails, the
message is rejected.
Messages are not challenged for
authentication.
All messages are classified as
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
Messages are not challenged for
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Messages are not challenged for
authentication.
All messages are classified as
authenticated.
Any existing P-Asserted-Identity header is
removed and a new one containing the
VCS's originator ID is inserted into the
message.
Messages are not challenged for
authentication.
All messages are classified as
authenticated.
Messages with an existing P-Asserted-
Identity header are passed on unchanged.
Messages without an existing P-Asserted-
Identity header have one inserted.
Device authentication
Outside local domain
Messages are not challenged for
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Messages are not challenged for
authentication.
All messages are classified as
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
Messages are not challenged for
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Messages are not challenged for
authentication.
All messages are classified as
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
Messages are not challenged for
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Page 100 of 479