SIP Authentication Trust - Cisco TelePresence Administrator's Manual

Video communication server

Cisco VCS Administrator Guide (X7.2): Device authentication

| Authentication policy | In local domain | Outside local domain |
| --- | --- | --- |
| Check credentials | Messages are challenged for authentication and those that pass are classified as authenticated. Messages (including registration requests) that fail authentication are rejected. | SIP messages received from non-local domains are all treated in the same manner, regardless of the subzone's Authentication policy setting: Messages are not challenged for authentication. All messages are classified as unauthenticated. |
| Do not check credentials | Messages are not challenged for authentication. All messages are classified as unauthenticated. | (same for all policy settings) |
| Treat as authenticated | Messages are not challenged for authentication. All messages are classified as authenticated. | (same for all policy settings) |

SIP authentication trust

If a VCS is configured to use device authentication it will authenticate incoming SIP registration and INVITE requests. If the VCS then forwards the request on to a neighbor zone such as another VCS, that receiving system will also authenticate the request. In this scenario the message has to be authenticated at every hop.

To simplify this so that a device's credentials only have to be authenticated once (at the first hop), and to reduce the number of SIP messages in your network, you can configure neighbor zones to use the Authentication trust mode setting.

This is then used in conjunction with the zone's authentication policy to control whether pre-authenticated SIP messages received from that zone are trusted and are subsequently treated as authenticated or unauthenticated within the VCS. Pre-authenticated SIP requests are identified by the presence of a P-Asserted-Identity field in the SIP message header as defined by RFC 3325.

The Authentication trust mode settings are:

- On: pre-authenticated messages are trusted without further challenge and subsequently treated as authenticated within the VCS. Unauthenticated messages are challenged if the Authentication policy is set to Check credentials.
- Off: any existing authenticated indicators (the P-Asserted-Identity header) are removed from the message. Messages from a local domain are challenged if the Authentication policy is set to Check credentials.

Note:

- You are recommended to enable authentication trust only if the neighbor zone is part of a network of trusted SIP servers.
- Authentication trust is automatically implied between traversal server and traversal client zones.
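The trust-mode rules above, sketched as an added Python example (not taken from the Cisco guide and not VCS code). The function names and policy labels are hypothetical, and the sketch assumes that a message which is not pre-authenticated falls through to the authentication policy table. It handles header-name case, folded header lines and look-alike text in the body, the cases a simple string match would get wrong when removing P-Asserted-Identity.

```python
# Added example: a simplified model of the rules on this page, not Cisco VCS code.
PAI = "p-asserted-identity"  # RFC 3325 header; SIP header names are case-insensitive

def split_sip(raw):
    """Return (start_line, [(name, value)], body) with folded headers unfolded."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        if line[:1] in (" ", "\t") and headers:  # continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return start, headers, body

def handle_inbound(raw, trust_on, policy, local_domain):
    """Decide on a request from a neighbor zone; policy labels are hypothetical."""
    start, headers, body = split_sip(raw)
    if trust_on and any(n.lower() == PAI for n, _ in headers):
        return "authenticated", raw  # On: trusted without further challenge
    if not trust_on:  # Off: remove every asserted-identity header, keep the body as-is
        kept = [f"{n}: {v}" for n, v in headers if n.lower() != PAI]
        raw = "\r\n".join([start, *kept]) + "\r\n\r\n" + body
    # Assumption: a message that is not pre-authenticated follows the policy table.
    if local_domain and policy == "check":
        return "challenge", raw
    if local_domain and policy == "treat_as_authenticated":
        return "authenticated", raw
    return "unauthenticated", raw

# Constructed sample: mixed-case, folded PAI header and a look-alike line in the body.
BODY = "note=P-Asserted-Identity: not-a-header\r\n"
SAMPLE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "From: <sip:alice@example.com>;tag=constructed\r\n"
    "To: <sip:bob@example.com>\r\n"
    'p-asserted-IDENTITY: "Alice"\r\n'
    "\t<sip:alice@example.com>\r\n"
    "Content-Type: text/plain\r\n"
    f"Content-Length: {len(BODY)}\r\n"
    "\r\n" + BODY
)

if __name__ == "__main__":
    for trust in (True, False):
        decision, message = handle_inbound(SAMPLE, trust, "check", True)
        print("trust", "On " if trust else "Off", "->", decision)
```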


This manual is also suitable for:

Telepresence x7.2
