Polycom 3725-76302-001O The following table describes the fields on the Device Authentication page.

Call Server Configuration

Polycom, Inc. 262

The Call Server intercepts and responds to authentication challenges from SIP peers on behalf of some or all devices calling though the Call Server. This feature allows authentication security between the Call Server and its peers to be completely separate from security between the endpoints and the Call Server.When you add an external SIP peer, you can specify whether the Call Server handles challenges (401 and 407) on behalf of the source of the call or passes them on to the source of the call. You can also define authentication credentials specifically for that SIP peer. See Add External SIP Peer Dialog Box. The following table describes the fields on the Device Authentication page.

Note: Neighbor Gatekeepers and H.235 Authentication

For H.323, when you add a neighbor gatekeeper, you can configure the system to send its H.235

credentials when it sends address resolution requests to that gatekeeper. See Add External

Gatekeeper Dialog Box.

Field Description

Inbound Authentication

SIP device authentication settings

Use default realm This option, the default, sets the realm for the Call Server to the cluster’s

domain as specified on the Network Settings page (allowing each cluster of

a supercluster to have its own realm). If no domain is specified on the

Network Settings page, the default realm value is sip.dma.

Clear the check box to change the string in the Realm field.

Realm The realm string in an authentication challenge tells the challenged device the

protection domain for which it must provide credentials.

Generally, it includes the domain label of the Call Server. See RFC2617 and

RFC 3261.

If you specify a realm instead of using the default, the realm you specify is

used for all clusters in the supercluster.

Enable proxy

authentication

Configures the Call Server to respond to unauthenticated requests with 407

(Proxy Authentication Required).

If turned off, the Call Server responds to unauthenticated requests with 401

(Unauthorized).

Authentication valid time

(seconds)

Specifies the time period within which the Call Server doesn’t re-challenge a

device that previously authenticated itself.

(table of authentication entries) Lists the inbound device authentication entries against which the Call Server

checks a device’s credentials.

Click Add to add a device’s credentials to the list. Click Edit or Delete to

change or remove the selected entry.