Cisco Cisco Expressway Maintenance Manual
The Authentication trust mode settings are:
n
On: pre-authenticated messages are trusted without further challenge and subsequently treated as
authenticated within the Expressway. Unauthenticated messages are challenged if the Authentication
policy is set to Check credentials.
authenticated within the Expressway. Unauthenticated messages are challenged if the Authentication
policy is set to Check credentials.
n
Off: any existing authenticated indicators (the P-Asserted-Identity header) are removed from the message.
Messages from a local domain are challenged if the Authentication policy is set to Check credentials.
Messages from a local domain are challenged if the Authentication policy is set to Check credentials.
Note:
n
We recommend that you enable authentication trust only if the neighbor zone is part of a network of trusted
SIP servers.
SIP servers.
n
Authentication trust is automatically implied between traversal server and traversal client zones.
Configuring authentication to use the local database
The local authentication database is included as part of your Expressway system and does not require any
specific connectivity configuration. It is used to store user account authentication credentials. Each set of
credentials consists of a name and password.
specific connectivity configuration. It is used to store user account authentication credentials. Each set of
credentials consists of a name and password.
The credentials in the local database can be used for device (SIP and H.323), traversal client and TURN
client authentication.
client authentication.
Adding credentials to the local database
To enter a set of device credentials:
1. Go to
Configuration > Authentication > Local database
and click New.
2. Enter the Name and Password that represent the device’s credentials.
3. Click Create credential.
Note that the same credentials can be used by more than one device.
Authenticating with external systems
The
Outbound connection credentials
page (
Configuration > Authentication > Outbound connection
credentials
) is used to configure a username and password that the Expressway will use whenever it is
required to authenticate with external systems.
For example, when the Expressway is forwarding an invite from an endpoint to another Expressway, that
other system may have authentication enabled and will therefore require your local Expressway to provide it
with a username and password.
other system may have authentication enabled and will therefore require your local Expressway to provide it
with a username and password.
Note that these settings are not used by traversal client zones. Traversal clients, which must always
authenticate with traversal servers before they can connect, configure their connection credentials per
traversal client zone.
authenticate with traversal servers before they can connect, configure their connection credentials per
traversal client zone.
Cisco Expressway Administrator Guide (X8.2)
Page 103 of 378
Device authentication
About device authentication