Snom 4S - page 53

snom technology AG • 53

[ S N O M 4S NAT FI L T E R ]

• If the packet was already authenticated or internally generated, the

further processing of the packet can start.

• If the request is a register request and the registration is still valid,

the packet forwarded to the further processing. This behaviour can

be disabled with the “Challenge Refresh Registrations” setting.

• If the packet belongs to an existing call and is not the initial INVITE,

er. If the packet contains more than one Via-header, the packet is

only forwarded to the further processing, if the P-Asserted-Identity

header is already present. In this case, the SBC will overwrite the

header with the present value of the From-header.

• If the request method is ACK or CANCEL, the packet is forwarded

to the further processing. Note that in this case the SBC does not

insert a P-Asserted-Identity header.

• The SBC then looks at the user and host part of the From-header

of the request URI. If that pair is not present in the authentication

cache, it requests that pair from the application server and stops

• If the user/host pair is present in the authentication cache, the SBC

will check if the packet contains the correct answer to a challenge.

Note, that typically during the first time of processing a request this

is not the case and the packet gets challenged with a new allocated

nonce. If this check succeeds, the SBC adds a P-Asserted-Identity

header to the request and forwards it for further processing.

• Otherwise, it will allocate a new nonce and challenge the request.

The nonce represents a question that can only be answered by the

shared secret, the password of that user/host pair. The nonce will

expire after one hour and is deleted when the question is answered