Cisco Cisco Expressway Maintenance Manual
Policy
Behavior
Treat as
authenticated
authenticated
Message credentials are not checked and all messages are classified as authenticated.
SIP
whether the Expressway trusts any pre-existing authenticated indicators - known as P-Asserted-Identity headers -
within the received message).
within the received message).
Policy
Trust
Behavior
Check
credentials
credentials
Off
Messages are not challenged for authentication.
All messages are classified as unauthenticated.
Any existing P-Asserted-Identity headers are removed.
On
Messages are not challenged for authentication.
Messages with an existing P-Asserted-Identity header are classified as authenticated,
and the header is passed on unchanged.
and the header is passed on unchanged.
Messages without an existing P-Asserted-Identity header are classified as
unauthenticated.
unauthenticated.
Do not check
credentials
credentials
Off
Messages are not challenged for authentication.
All messages are classified as unauthenticated.
Any existing P-Asserted-Identity headers are removed.
On
Messages are not challenged for authentication.
Messages with an existing P-Asserted-Identity header are classified as authenticated,
and the header is passed on unchanged.
and the header is passed on unchanged.
Messages without an existing P-Asserted-Identity header are classified as
unauthenticated.
unauthenticated.
Treat as
authenticated
authenticated
Off
Messages are not challenged for authentication.
All messages are classified as unauthenticated.
Any existing P-Asserted-Identity headers are removed.
On
Messages are not challenged for authentication.
Messages with an existing P-Asserted-Identity header are classified as authenticated,
and the header is passed on unchanged.
and the header is passed on unchanged.
Messages without an existing P-Asserted-Identity header are classified as
unauthenticated.
unauthenticated.
SIP Authentication Trust
it will authenticate incoming SIP INVITE requests. If the
Expressway then forwards the request on to a neighbor zone such as another Expressway, that receiving system will
also authenticate the request. In this scenario the message has to be authenticated at every hop.
also authenticate the request. In this scenario the message has to be authenticated at every hop.
96
Cisco Expressway Administrator Guide