Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Protocols
Cisco VCS as a SIP proxy server
The Cisco VCS acts as a SIP proxy server when SIP mode is enabled. The role of a proxy server is to
forward requests (such as REGISTER and INVITE) from endpoints or other proxy servers on to further
proxy servers or to the destination endpoint.
forward requests (such as REGISTER and INVITE) from endpoints or other proxy servers on to further
proxy servers or to the destination endpoint.
The Cisco VCS's behavior as a SIP proxy server is determined by:
n
the SIP registration proxy mode setting
n
the presence of Route Set information in the request header
n
whether the proxy server from which the request was received is a neighbor of the Cisco VCS
A Route Set specifies the path to take when requests are proxied between an endpoint and its
registrar. For example, when a REGISTER request is proxied by a Cisco VCS, the Cisco VCS adds a
path header component to the request. This signals that calls to that endpoint should be routed through
the Cisco VCS. This is usually required in situations where firewalls exist and the signalling must
follow a specified path to successfully traverse the firewall. For more information about path headers,
see RFC 3327 [
registrar. For example, when a REGISTER request is proxied by a Cisco VCS, the Cisco VCS adds a
path header component to the request. This signals that calls to that endpoint should be routed through
the Cisco VCS. This is usually required in situations where firewalls exist and the signalling must
follow a specified path to successfully traverse the firewall. For more information about path headers,
see RFC 3327 [
].
When the Cisco VCS proxies a request that contains Route Set information, it forwards it directly to
the URI specified in the path. Any call processing rules configured on the Cisco VCS are bypassed.
This may present a security risk if the information in the Route Set cannot be trusted. For this reason,
you can configure how the Cisco VCS proxies requests that contain Route Sets by setting the SIP
registration proxy mode as follows:
the URI specified in the path. Any call processing rules configured on the Cisco VCS are bypassed.
This may present a security risk if the information in the Route Set cannot be trusted. For this reason,
you can configure how the Cisco VCS proxies requests that contain Route Sets by setting the SIP
registration proxy mode as follows:
n
Off: requests containing Route Sets are rejected. This setting provides the highest level of security.
n
Proxy to known only: requests containing Route Sets are proxied only if the request was received
from a known zone.
from a known zone.
n
Proxy to any: requests containing Route Sets are always proxied.
In all cases, requests that do not have Route Sets are proxied as normal in accordance with existing
call processing rules. This setting only applies to dialog-forming requests, such as INVITE and
SUBSCRIBE. Other requests, such as NOTIFY, are always proxied regardless of this setting.
call processing rules. This setting only applies to dialog-forming requests, such as INVITE and
SUBSCRIBE. Other requests, such as NOTIFY, are always proxied regardless of this setting.
Proxying registration requests
If the Cisco VCS receives a registration request for a domain for which it is not acting as a Registrar
(the Cisco VCS does not have that SIP domain configured), then the Cisco VCS may proxy the
registration request onwards. This depends on the SIP registration proxy mode setting, as follows:
(the Cisco VCS does not have that SIP domain configured), then the Cisco VCS may proxy the
registration request onwards. This depends on the SIP registration proxy mode setting, as follows:
n
Off: the Cisco VCS does not proxy any registration requests. They are rejected with a “403
Forbidden” message.
Forbidden” message.
n
Proxy to known only: the Cisco VCS proxies the request in accordance with existing call
processing rules, but only to known neighbor, traversal client and traversal server zones.
processing rules, but only to known neighbor, traversal client and traversal server zones.
n
Proxy to any: this is the same as Proxy to known only but for all zone types i.e. it also includes
ENUM and DNS zones.
ENUM and DNS zones.
Accepting proxied registration requests
If the Cisco VCS receives a proxied registration request, in addition to the Cisco VCS's standard
, you can also control whether the Cisco VCS accepts the registration depending
upon the zone through which the request was received. You do this through the Accept proxied
registrations setting when
registrations setting when
Proxied registrations are classified as belonging to the zone they were last proxied from. This is
different from non-proxied registration requests which are assigned to a subzone within the Cisco
VCS.
different from non-proxied registration requests which are assigned to a subzone within the Cisco
VCS.
Cisco VCS Administrator Guide (X6)
Page 58 of 295