Cisco Unified Communications Manager Security Guide, Release 9.1(1)
Digest authentication setup for SIP trunks


This chapter provides information about digest authentication setup for SIP trunks. When you configure digest authentication for SIP trunks, Cisco Unified Communications Manager challenges the identity of the SIP user agent when it receives a SIP request on the SIP trunk. The SIP user agent, in turn, can challenge the identity of Cisco Unified Communications Manager when Cisco Unified Communications Manager sends a SIP request to the trunk. For additional information on how digest authentication works for SIP trunks, see topics related to digest authentication.

Set up SIP trunk digest authentication

The following procedure describes the tasks to configure digest authentication for SIP trunks.

Procedure
    Step 1   Configure the SIP trunk security profiles; make sure that you check the Enable Digest Authentication check box.
    Step 2   Apply a SIP trunk security profile to the trunk.
    Step 3   Configure the enterprise parameter, Cluster ID, if not configured.

    This parameter supports Cisco Unified Communications Manager challenges to the identity of the SIP user agent that is sending a SIP request on the SIP trunk.

    Step 4   If Cisco Unified Communications Manager challenges the identity of SIP user agents that are sending SIP requests on the SIP trunk, configure the digest credentials for the application user in the Application User Configuration window.
    Step 5   If Cisco Unified Communications Manager responds to challenges from a trunk peer, configure the SIP realm.


    Set up digest authentication enterprise parameters

    To configure the enterprise parameter, Cluster ID, for digest authentication, choose System > Enterprise Parameters in Cisco Unified Communications Manager Administration. Locate the Cluster ID parameter and update the value, as described in the Help for the parameter. This parameter supports Cisco Unified Communications Manager challenges to the identity of the SIP user agent that is sending a SIP request on the SIP trunk.


    Tip: To access the Help for the parameter, click the question mark that displays in the Enterprise Parameters Configuration window or click the parameter link.


    Set up digest credentials

    If Cisco Unified Communications Manager challenges the identity of a SIP user agent, you must configure the digest credentials for the application user in the Application User Configuration window in Cisco Unified Communications Manager Administration. Cisco Unified Communications Manager uses these credentials to verify the identity of SIP user agents that are sending requests through the SIP trunk.

    To configure the digest credentials for an application user, perform the following procedure:

    Procedure
      Step 1   Find the application user, as described in the Cisco Unified Communications Manager Administration Guide.
      Step 2   Click the application user link.
      Step 3   After the specific Application User Configuration window displays, enter the appropriate settings, as described in Table 1.
      Step 4   Click Save.


      Application user digest credential settings

      The following table describes the digest credential settings in the Application User Configuration window in Cisco Unified Communications Manager Administration.

      Table 1 Digest Authentication Credentials

      Setting                      Description
      Digest Credentials           Enter a string of alphanumeric characters.
      Confirm Digest Credentials   To confirm that you entered the digest credentials correctly, enter the credentials in this field.

      Find SIP realm

      To find a SIP Realm, perform the following procedure:

      Procedure
        Step 1   In Cisco Unified Communications Manager Administration, choose User Management > SIP Realm.

        The Find and List window displays. Records from an active (prior) query may also display in the window.

        Step 2   To find all records in the database, ensure the dialog box is empty; go to Step 3.

        To filter or search records

        1. From the first drop-down list box, choose a search parameter.
        2. From the second drop-down list box, choose a search pattern.
        3. Specify the appropriate search text, if applicable.
          Note: To add additional search criteria, click the + button. When you add criteria, the system searches for a record that matches all criteria that you specify. To remove criteria, click the - button to remove the last added criterion or click the Clear Filter button to remove all added search criteria.

        Step 3   Click Find.

        All matching records display. You can change the number of items that display on each page by choosing a different value from the Rows per Page drop-down list box.

        Step 4   From the list of records that display, click the link for the record that you want to view.
        Note: To reverse the sort order, click the up or down arrow, if available, in the list header.

        The window displays the item that you choose.


        What to Do Next

        If you have not already done so, configure the Cluster ID enterprise parameter.

        Configure SIP realm

        If Cisco Unified Communications Manager responds to challenges from one or more trunk peers, you must configure SIP Realm for each SIP trunk user agent that can challenge Cisco Unified Communications Manager.

        To add or update a SIP Realm, perform the following procedure:

        Procedure
          Step 1   In Cisco Unified Communications Manager Administration, choose User Management > SIP Realm.
          Step 2   Perform one of the following tasks:
          1. To add a new SIP Realm, click Add New in the Find window. (You can also display a SIP Realm and then click Add New.) The configuration window displays with the default settings for each field.
          2. To copy an existing record, locate the appropriate record and click the Copy icon for that record in the Copy column. (You can also display a SIP Realm and then click Copy.) The configuration window displays with the configured settings.
          3. To update an existing record, locate and display the appropriate SIP Realm. The configuration window displays with the current settings.
          Step 3   Enter the appropriate settings as described in Table 2.
          Step 4   Click Save.
          Step 5   Perform the procedure for all realms that you must add or update.

          What to Do Next

          To ensure that digest authentication is successful, verify that the same settings that you configured in Cisco Unified Communications Manager are configured on the SIP user agent.
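SIP digest authentication uses the HTTP Digest scheme (RFC 2617), so the challenged side can only produce a response the challenger accepts when realm, user and password agree on both ends. The following added example (not Cisco code) models that exchange; the table names, the user name cucm-pub, the password, the nonce and the URI are constructed, and only the realm string comes from the example in the SIP realm settings.

```python
import hashlib
import hmac

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 'response' value (algorithm=MD5) for one request."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def answer_challenge(sip_realms, challenge, method, uri):
    """Challenged side: pick credentials by the realm named in the challenge."""
    entry = sip_realms.get(challenge["realm"])
    if entry is None:
        return None                      # no realm record matches this peer
    user, password = entry
    return {"username": user, "realm": challenge["realm"], "uri": uri,
            "nonce": challenge["nonce"],
            "response": digest_response(user, challenge["realm"], password,
                                        method, uri, challenge["nonce"])}

def verify(peer_users, auth, method):
    """Challenging side: recompute the response from its own stored secret."""
    password = peer_users.get((auth["realm"], auth["username"]))
    if password is None:
        return False
    expected = digest_response(auth["username"], auth["realm"], password,
                               method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected, auth["response"])

# Constructed sample values (hypothetical peer-side user table and challenge).
CHALLENGE = {"realm": "SIPProxy1_xyz.com", "nonce": "constructed-nonce-01"}
PEER_USERS = {("SIPProxy1_xyz.com", "cucm-pub"): "ExamplePass1"}
URI = "sip:1000@peer.example.invalid"

def try_config(sip_realms):
    """True when the given realm -> (user, password) table authenticates."""
    auth = answer_challenge(sip_realms, CHALLENGE, "INVITE", URI)
    return auth is not None and verify(PEER_USERS, auth, "INVITE")

if __name__ == "__main__":
    print(try_config({"SIPProxy1_xyz.com": ("cucm-pub", "ExamplePass1")}))  # settings match
    print(try_config({"SIPProxy1.xyz.com": ("cucm-pub", "ExamplePass1")}))  # realm typo
    print(try_config({"SIPProxy1_xyz.com": ("cucm-pub", "examplepass1")}))  # password case
```

A real challenger also checks that the nonce is one it issued and has not expired; that bookkeeping is left out here.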


          SIP realm settings

          The SIP Realm provides the trunk-side credentials when Cisco Unified Communications Manager gets challenged by a trunk peer.

          The following table describes the settings for the SIP Realm.

          Table 2 SIP Realm Security Profile

          Setting                      Description
          Realm                        Enter the domain name for the realm that connects to the SIP trunk; for example, SIPProxy1_xyz.com. You can use alphanumeric characters, period, dash, underscore, and space.
          User                         Enter the user name for the SIP user agent in this realm; for example, enter the Cisco Unified Communications Manager server name. The SIP trunk uses this user name to challenge this Cisco Unified Communications Manager.
          Digest Credentials           Enter the password that Cisco Unified Communications Manager uses to respond to a challenge for this realm and user.
          Confirm Digest Credentials   Re-enter the password for verification.

          Delete SIP realm

          This section describes how to delete a SIP Realm from the Cisco Unified Communications Manager database.

          Procedure
            Step 1   Find the SIP Realm to delete.
            Step 2   Perform one of the following tasks:
            1. To delete multiple SIP Realms, perform one of these tasks in the Find and List window:
              • Check the check boxes next to the realms that you want to delete; then, click Delete Selected.
              • You can delete all configurable records for this selection by clicking Select All and then clicking Delete Selected.
            2. To delete a single SIP Realm, perform one of these tasks in the Find and List window:
              • Check the check box next to the realm that you want to delete; then, click Delete Selected.
              • Click the Name link for the realm. After the specific SIP Realm Configuration window displays, click Delete Selected.
            Step 3   When prompted to confirm the delete operation, click OK to delete or Cancel to cancel the delete operation.
