Cisco Cisco Expressway Maintenance Manual
Device Provisioning and Authentication Policy
The Provisioning Server requires that any provisioning or phone book requests it receives have already been
authenticated at the zone or subzone point of entry into the Expressway. The Provisioning Server does not do its own
authentication challenge and will reject any unauthenticated messages.
authenticated at the zone or subzone point of entry into the Expressway. The Provisioning Server does not do its own
authentication challenge and will reject any unauthenticated messages.
The Expressway must be configured with appropriate device authentication settings, otherwise provisioning-related
messages will be rejected:
messages will be rejected:
■
Initial provisioning authentication (of a subscribe message) is controlled by the authentication policy setting
on the Default Zone. (The Default Zone is used as the device is not yet registered.)
on the Default Zone. (The Default Zone is used as the device is not yet registered.)
The Default Zone and any traversal client zone's authentication policy must be set to either Check credentials
or Treat as authenticated, otherwise provisioning requests will fail.
or Treat as authenticated, otherwise provisioning requests will fail.
In each case, the Expressway performs its authentication checking against the local database. This includes all
credentials supplied by Cisco TMS.
credentials supplied by Cisco TMS.
122
Cisco Expressway Administrator Guide
Device Authentication