Cisco Unified CallManager Security Guide, Release 5.1(3)
Configuring Digest Authentication for the SIP Trunk
Downloads: This chapterpdf (PDF - 205.0KB) The complete bookPDF (PDF - 1.99MB) | Feedback

Configuring Digest Authentication for the SIP Trunk

Table Of Contents

Configuring Digest Authentication for the SIP Trunk

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm

Where to Find More Information


Configuring Digest Authentication for the SIP Trunk


When you configure digest authentication for SIP trunks, Cisco Unified Communications Manager challenges the identity of the SIP user agent when it receives a SIP request on the SIP trunk. The SIP user agent, in turn, can challenge the identity of Cisco Unified Communications Manager when Cisco Unified Communications Manager sends a SIP request to the trunk. For additional information on how digest authentication works for SIP trunks, see the "Digest Authentication" section.

This chapter contains information on the following topics:

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm

Where to Find More Information

SIP Trunk Digest Authentication Configuration Checklist

Table 15-1 describes the tasks to configure digest authentication for SIP trunks.

Table 15-1 SIP Trunk Security Configuration Checklist 

Configuration Steps
Related Procedures and Topics

Step 1 

Configure the SIP trunk security profiles; make sure that you check the Enable Digest Authentication check box.

Configuring the SIP Trunk Security Profile, page 14-2

Digest Authentication

Step 2 

Apply a SIP trunk security profile to the trunk.

Applying a SIP Trunk Security Profile, page 14-7

Step 3 

Configure the enterprise parameter, Cluster ID, if not configured.

This parameter supports Cisco Unified CallManager challenges to the identity of the SIP user agent sending a SIP request on the SIP trunk.

Configuring Digest Authentication Enterprise Parameters

Step 4 

If Cisco Unified CallManager challenges the identity of SIP user agents sending SIP requests on the SIP trunk, configure the digest credentials for the application user in the Application User Configuration window.

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Step 5 

If Cisco Unified CallManager responds to challenges from a trunk peer, configure the SIP realm.

Digest Authentication

Configuring a SIP Realm

SIP Realm Configuration Settings

Configuring Digest Authentication Enterprise Parameters

To configure the enterprise parameter, Cluster ID, for digest authentication, choose System > Enterprise Parameters in Cisco Unified CallManager Administration. Locate the Cluster ID parameter and update the value, as described in the Help for the parameter. This parameter supports Cisco Unified CallManager challenges to the identity of the SIP user agent that is sending a SIP request on the SIP trunk.


Tip To access the help for the parameter, click the question mark that displays in the Enterprise Parameters Configuration window or click the parameter link.


Configuring the Digest Credentials in the Application User Configuration Window

If Cisco Unified CallManager challenges the identity of a SIP user agent, you must configure the digest credentials for the application user in the Application User Configuration window in Cisco Unified CallManager Administration. Cisco Unified CallManager uses these credentials to verify the identity of SIP user agents that are sending requests through the SIP trunk.

To configure the digest credentials for an application user, perform the following procedure:

Procedure


Step 1 Find the application user, as described in the Cisco Unified CallManager Administration Guide.

Step 2 Click the application user link.

Step 3 After the specific Application User Configuration window displays, enter the appropriate settings, as described in Table 15-3.

Step 4 Click Save.


Additional Information

See the "Related Topics" section.

Application User Digest Credential Configuration Settings

Table 15-3 describes the settings for the digest credential settings in the Application User Configuration window in Cisco Unified CallManager Administration. For related information and procedures, see the "Related Topics" section.

Table 15-2 Digest Authentication Credentials

Setting
Description

Digest Credentials

Enter a string of alphanumeric characters.

Confirm Digest Credentials

To confirm that you entered the digest credentials correctly, enter the credentials in this field.


Finding a SIP Realm

To find a SIP realm, perform the following procedure:

Procedure


Step 1 In Cisco Unified CallManager Administration, choose User Management > SIP Realm.

The Find and List window displays. Records from an active (prior) query may also display in the window.

Step 2 From the drop-down list boxes, choose your search criteria for the SIP realm that you want to list and click Find.


Note To find all SIP realms that are registered in the database, click Find without specifying any search criteria.


The window refreshes and displays the SIP realms that match your search criteria.

Step 3 Click the Realm link for the SIP realm that you want to view.


Tip To search for the Realm or User within the search results, check the Search Within Results check box, enter your search criteria as described in this procedure, and click Find.


The selected item displays.


Next Steps

If you have not already done so, configure the Cluster ID enterprise parameter, as described in the "Configuring Digest Authentication Enterprise Parameters" section.

Additional Information

See the "Related Topics" section.

Configuring a SIP Realm

If Cisco Unified CallManager responds to challenges from one or more trunk peers, you must configure SIP realm for each SIP trunk user agent that can challenge Cisco Unified CallManager.

To add or update a SIP realm, perform the following procedure:

Procedure


Step 1 In Cisco Unified CallManager Administration, choose User Management > SIP Realm.

Step 2 Perform one of the following tasks:

To add a new SIP realm, click the Add New button and continue with Step 3.

To update an existing SIP realm, locate the appropriate security profile as described in "Finding a SIP Realm" section and continue with Step 3.

Step 3 Enter the appropriate settings as described in Table 15-3.

Step 4 Click Save.

Step 5 Perform the procedure for all realms that you must add or update.


Next Steps

To ensure that digest authentication is successful, verify that the same settings that you configured in Cisco Unified CallManager are configured on the SIP user agent.

Additional Information

See the "Related Topics" section.

SIP Realm Configuration Settings

The SIP realm provides the trunk-side credentials when Cisco Unified Communications Manager gets challenged by a trunk peer.

Table 15-3 describes the settings for the SIP realm. For related information and procedures, see the "Related Topics" section.

Table 15-3 SIP Realm Security Profile

Setting
Description

Realm

Enter the domain name for the realm that connects to the SIP trunk; for example, SIPProxy1_xyz.com. You can use alphanumeric, period, dash, underscore, and space characters.

User

Enter the user name for the SIP user agent in this realm; for example, enter the Cisco Unified CallManager server name. The SIP trunk uses this user name to challenge this Cisco Unified CallManager.

Digest Credentials

Enter the password that Cisco Unified CallManager uses to respond to a challenge for this realm and user.

Confirm Digest Credentials

Reenter the password for verification.


Deleting a SIP Realm

This section describes how to delete a SIP realm from the Cisco Unified CallManager database.

Procedure


Step 1 Find the SIP realm by using the procedure in the "Finding a SIP Realm" section.

To delete multiple SIP realms, check the check boxes next to the appropriate check box in the Find and List window; then, click the Delete Selected icon or the Delete Selected button. You can delete all configurable records for this selection by clicking Select All and then clicking Delete Selected.

Step 2 To delete a single SIP realm, perform one of the following tasks:

In the Find and List window, check the check box next to the appropriate SIP realm; then, click Delete Selected.

In the Find and List window, click the Realm link. After the specific SIP realm Configuration window displays, click Delete Selected.

Step 3 When prompted to confirm the delete operation, click OK to delete or Cancel to cancel the delete operation.


Additional Information

See the "Related Topics" section

Where to Find More Information

Related Topics

Digest Authentication

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm