Overview

Note

IP Trunk Group Authentication is not supported over Gateway-to-Gateway (GW2GW) signaling.

The SBC Core supports local authentication autonomously on a per-IP trunk group basis in situations where an IP-PBX does not perform a registration and the service provider does not require/want registrations. This function is accomplished using the authentication configurable to the ingress IP Peer and/or ingress IP Trunk Group (IPTG) as described below.

Additionally, the IP Signaling Profile relay flag statusCode4xx6xx must be enabled on the egress leg of the call to relay error status codes.

The CLI syntax for this configuration is shown below:

CLI Syntax
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> signaling authentication
    authPassword <authentication password for trunkgroup> 
    authUserPart <userPart used for authentication> 
    intChallengeResponse <enabled | disabled> 
    incInternalCredentials <enabled | disabled> 

% set profiles signaling ipSignalingProfile <profile_name> commonIpAttributes relayFlags statusCode4xx6xx <disable | enable>

Egress Trunk Group

  • Define the authentication password (authPassword) used when replying to local authentication requests.
  • Define the authentication user part (authUserPart) used when replying to local authentication requests.
  • Enable the IP Signaling profile relay flag statusCode4xx6xx to relay error status codes.

Ingress Trunk Group

  • Set authentication flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set authentication flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

IP Peer

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

The SBC supports local authentication for dialog initiating INVITE, dialog initiating SUBSCRIBE, mid-dialog INVITE, mid-dialog INFO, mid-dialog REFER, mid-dialog MESSAGE, initial REGISTER, refresh REGISTER, UPDATE, PUBLISH, out-of-dialog REFER, out-of-dialog MESSAGE, BYE and PRACK.

SIP Response Enhancement When IPTG is Out of Service (OOS)

The SBC supports all Trunk Group configuration when IPTG is out of service (OOS). The SBC considers all the  IPTG configuration as active while processing the incoming INVITE. Incoming and outgoing SMM rules are applied even when IPTG is OOS. By making the SG available (even if IPTG is OOS), the SMM rule is enabled on it. To support this behavior, a new flag processSGConfigWhenTGOOS is introduced in the IPTG. When this flag is enabled, the SBC makes the service group configuration available when the Trunk Group is OOS. A 5XX Response is sent for the INVITES even if the TG is OOS, which means Service group is intact with TG configuration and values even if the TG is OOS.

% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> state disabled mode outOfService processSGConfigWhenTGOOS enabled
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> processSGConfigWhenTGOOS disabled