Call Server Configuration

All authentication configurations are supercluster-wide, but note that the default realm for SIP device authentication is the cluster’s domain as specified on the Admin > Local Cluster > Network Settings page (or sip.dma if no domain is specified). This allows each cluster in a supercluster to have its own realm for challenges.

The Device Authentication page has two tabs, Inbound Authentication and Shared Outbound Authentication.

Inbound Authentication

On the Inbound Authentication tab, you can:

Configure specific SIP digest authentication settings for SIP devices.

Maintain the Call Server’s local inbound device authentication list. This list is used for both H.235 authentication (H.323 devices) and SIP digest authentication (SIP devices).

Click the Signaling settings link to go to the Signaling Settings page, where you actually enable device authentication for H.323, SIP, or both (see Signaling Settings).

Shared Outbound Authentication

On the Shared Outbound Authentication tab, you can maintain the Call Server’s general list of authentication credentials, which it uses to authenticate itself on behalf of calling devices to external SIP peers for which the appropriate device-specific credentials haven’t been defined.

The Call Server intercepts and responds to authentication challenges from SIP peers on behalf of some or all devices calling though the Call Server. This feature allows authentication security between the Call Server and its peers to be completely separate from security between the endpoints and the Call Server.

When you add an external SIP peer, you can specify whether the Call Server handles challenges (401 and

407)on behalf of the source of the call or passes them on to the source of the call. You can also define authentication credentials specifically for that SIP peer. See Add External SIP Peer Dialog.

Note: Neighbor gatekeepers and H.235 authentication

For H.323, when you add a neighbor gatekeeper, you can configure the system to send its H.235 credentials when it sends address resolution requests to that gatekeeper. See Add External Gatekeeper Dialog.

The following table describes the fields on the Device Authentication page.

Field

Description

 

 

Inbound Authentication

 

 

 

SIP device authentication settings

 

Use default realm

This option, the default, sets the realm for the Call Server to the cluster’s

 

domain as specified on the Network Settings page (allowing each cluster of

 

a supercluster to have its own realm). If no domain is specified on the

 

Network Settings page, the default realm value is sip.dma.

 

Clear the check box to change the string in the Realm field.

 

 

Polycom, Inc.

266

Page 266
Image 266
Polycom 7000 manual Shared Outbound Authentication, On the Inbound Authentication tab, you can