Cisco Unified CallManager Security Guide, Release 5.0(4)
Configuring Digest Authentication for the SIP Trunk
Download this chapter
Configuring Digest Authentication for the SIP TrunkConfiguring Digest Authentication for the SIP Trunk
Download the complete book
PDF of Entire BookPDF of Entire Book (PDF - 2 MB)
 Feedback

Table Of Contents

Configuring Digest Authentication for the SIP Trunk

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm

Where to Find More Information


Configuring Digest Authentication for the SIP Trunk

When you configure digest authentication for SIP trunks, Cisco Unified CallManager challenges the identity of the SIP user agent that connects to the trunk every time that the trunk sends a SIP request to Cisco Unified CallManager. The SIP user agent, in turn, can challenge the identity of Cisco Unified CallManager. For additional information on how digest authentication works for SIP trunks, see the "Digest Authentication" section on page 1-16.

This chapter contains information on the following topics:

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm

Where to Find More Information

SIP Trunk Digest Authentication Configuration Checklist

Table 15-1 describes the tasks to configure digest authentication for SIP trunks.

Table 15-1 SIP Trunk Security Configuration Checklist 

Configuration Steps
Related Procedures and Topics

Step 1 

Configure the SIP trunk security profiles; make sure that you check the Enable Digest Authentication check box.

Configuring the SIP Trunk Security Profile, page 14-2

Digest Authentication, page 1-16

Step 2 

Apply a SIP trunk security profile to the trunk.

Applying a SIP Trunk Security Profile, page 14-7

Step 3 

Configure the enterprise parameter, Cluster ID, if not configured.

This parameter supports Cisco Unified CallManager as a UAS; that is, Cisco Unified CallManager challenges the identity of the SIP user agent.

Configuring Digest Authentication Enterprise Parameters

Step 4 

If Cisco Unified CallManager acts as a user agent server (UAS) for the trunk, configure the digest credentials for the application user in the Application User Configuration window.

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Step 5 

If Cisco Unified CallManager acts as user agent client (UAC), configure SIP realm.

Cisco Unified CallManager acts as a user agent client when the trunk challenges the identity of Cisco Unified CallManager.

Digest Authentication, page 1-16

Configuring a SIP Realm

SIP Realm Configuration Settings

Configuring Digest Authentication Enterprise Parameters

To configure the enterprise parameter, Cluster ID, for digest authentication, choose System > Enterprise Parameters in Cisco Unified CallManager Administration. Locate the Cluster ID parameter and update the value, as described in the help that supports the parameter. This parameter supports Cisco Unified CallManager as a UAS; that is, Cisco Unified CallManager challenges the identity of the SIP user agent.

Tip To access the help for the parameter, click the question mark that displays in the Enterprise Parameters Configuration window or click the parameter link.

Configuring the Digest Credentials in the Application User Configuration Window

If Cisco Unified CallManager acts as a user agent server, that is, Cisco Unified CallManager challenges the identity of the SIP user agent, you must configure the digest credentials for the application user in the Application User Configuration window in Cisco Unified CallManager Administration. Cisco Unified CallManager uses these credentials to verify the identity of SIP UACs.

To configure the digest credentials for an application user, perform the following procedure:

Procedure

Step 1 Find the application user, as described in the Cisco Unified CallManager Administration Guide.

Step 2 Click on the application user link.

Step 3 After the specific Application User Configuration window displays, enter the appropriate settings, as described in Table 15-3.

Step 4 Click Save.

Additional Information

See the "Related Topics" section.

Application User Digest Credential Configuration Settings

Table 15-3 describes the settings for the digest credential settings in the Application User Configuration window in Cisco Unified CallManager Administration. For related information and procedures, see the "Related Topics" section.

Table 15-2 Digest Authentication Credentials

Setting
Description

Digest Credentials

Enter a string of alphanumeric characters.

Confirm Digest Credentials

To confirm that you entered the digest credentials correctly, enter the credentials in this field.


Finding a SIP Realm

To find a SIP Realm, perform the following procedure:

Procedure

Step 1 In Cisco Unified CallManager Administration, choose User Management > SIP Realm.

The Find and List window displays.

Step 2 From the drop-down list boxes, choose your search criteria for the SIP realm that you want to list and click Find.

Note To find all SIP realms that are registered in the database, click Find without specifying any search criteria.

The window refreshes and displays the SIP realms that match your search criteria.

Step 3 Click the Realm link for the SIP realm that you want to view.

Tip To search for the Realm or User within the search results, check the Search Within Results check box, enter your search criteria as described in this procedure, and click Find.

Additional Steps

If you have not already done so, configure the Cluster ID enterprise parameter, as described in the "Configuring Digest Authentication Enterprise Parameters" section.

Additional Information

See the "Related Topics" section.

Configuring a SIP Realm

If Cisco Unified CallManager acts as user agent client (UAC), you must configure SIP Realm for each SIP trunk user agent. Cisco Unified CallManager acts as a user agent client when the trunk peer challenges the identity of Cisco Unified CallManager.

To add or update a SIP Realm, perform the following procedure:

Procedure

Step 1 In Cisco Unified CallManager Administration, choose User Management > SIP Realm.

Step 2 Perform one of the following tasks:

To add a new SIP Realm, click the Add New button and continue with Step 3.

To update an existing SIP Realm, locate the appropriate security profile as described in "Finding a SIP Realm" section and continue with Step 3.

Step 3 Enter the appropriate settings as described in Table 15-3.

Step 4 Click Save.

Step 5 Perform the procedure for all realms that you must add or update.

Additional Steps

To ensure that digest authentication is successful, verify that the same settings that you configured in Cisco Unified CallManager are configured on the SIP user agent.

Additional Information

See the "Related Topics" section.

SIP Realm Configuration Settings

If Cisco Unified CallManager acts as user agent client (UAC), you must configure SIP Realm. Cisco Unified CallManager acts as a user agent client when the trunk peer challenges the identity of Cisco Unified CallManager. The realm provides the trunk-side credentials.

Table 15-3 describes the settings for the SIP Realm. For related information and procedures, see the "Related Topics" section.

Table 15-3 SIP Realm Security Profile

Setting
Description

Realm

Enter the domain name for the realm that connects to the SIP trunk; for example, SIPProxy1_xyz.com. Characters can be alphanumeric, period, dash, underscore, and space.

User

Enter the user name that you want to associate with Cisco Unified CallManager; for example, enter the server name. The SIP trunk uses this user name when the identity of Cisco Unified CallManager gets challenged.

Password

Enter the password that you want to associate with Cisco Unified CallManager; the SIP trunk uses this password when the identity of Cisco Unified CallManager gets challenged.

Password Confirmation

To confirm that you entered the password correctly, enter the password in this field.


Deleting a SIP Realm

This section describes how to delete a SIP Realm from the Cisco Unified CallManager database.

Procedure

Step 1 Find the SIP Realm by using the procedure in the "Finding a SIP Realm" section.

Step 2 To delete multiple SIP Realms, check the check boxes next to the appropriate check box in the Find and List window; then, click the Delete Selected icon or the Delete Selected button.

Step 3 To delete a single SIP Realm, perform one of the following tasks:

In the Find and List window, check the check box next to the appropriate SIP Realm; then, click the Delete Selected icon or the Delete Selected button.

In the Find and List window, click the Realm link. After the specific SIP Realm Configuration window displays, click the Delete Selected icon or the Delete Selected button.

Step 4 When prompted to confirm the delete operation, click OK to delete or Cancel to cancel the delete operation.

Additional Information

See the "Related Topics" section

Where to Find More Information

Related Topics

Digest Authentication, page 1-16

SIP Trunk Digest Authentication Configuration Checklist

Configuring Digest Authentication Enterprise Parameters

Configuring the Digest Credentials in the Application User Configuration Window

Application User Digest Credential Configuration Settings

Finding a SIP Realm

Configuring a SIP Realm

SIP Realm Configuration Settings

Deleting a SIP Realm