Call Server Configuration

The Call Server intercepts and responds to authentication challenges from SIP peers on behalf of some or all devices calling though the Call Server. This feature allows authentication security between the Call Server and its peers to be completely separate from security between the endpoints and the Call Server.

When you add an external SIP peer, you can specify whether the Call Server handles challenges (401 and

407)on behalf of the source of the call or passes them on to the source of the call. You can also define authentication credentials specifically for that SIP peer. See Add External SIP Peer Dialog Box.

Note: Neighbor Gatekeepers and H.235 Authentication

For H.323, when you add a neighbor gatekeeper, you can configure the system to send its H.235 credentials when it sends address resolution requests to that gatekeeper. See Add External Gatekeeper Dialog Box.

The following table describes the fields on the Device Authentication page.

Field

Description

 

 

Inbound Authentication

 

 

 

SIP device authentication settings

 

Use default realm

This option, the default, sets the realm for the Call Server to the cluster’s

 

domain as specified on the Network Settings page (allowing each cluster of

 

a supercluster to have its own realm). If no domain is specified on the

 

Network Settings page, the default realm value is sip.dma.

 

Clear the check box to change the string in the Realm field.

 

 

Realm

The realm string in an authentication challenge tells the challenged device the

 

protection domain for which it must provide credentials.

 

Generally, it includes the domain label of the Call Server. See RFC 2617 and

 

RFC 3261.

 

If you specify a realm instead of using the default, the realm you specify is

 

used for all clusters in the supercluster.

 

 

Enable proxy

Configures the Call Server to respond to unauthenticated requests with 407

authentication

(Proxy Authentication Required).

 

If turned off, the Call Server responds to unauthenticated requests with 401

 

(Unauthorized).

 

 

Authentication valid time

Specifies the time period within which the Call Server doesn’t re-challenge a

(seconds)

device that previously authenticated itself.

 

 

(table of authentication entries)

Lists the inbound device authentication entries against which the Call Server

 

checks a device’s credentials.

 

Click Add to add a device’s credentials to the list. Click Edit or Delete to

 

change or remove the selected entry.

 

 

Polycom, Inc.

262

Page 262
Image 262
Polycom 3725-76302-001O manual Field Description Inbound Authentication