Cisco Cisco Expressway 维护手册
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Policy
Behavior
Treat as
authenticated
authenticated
Message credentials are not checked and all messages are classified as authenticated.
SIP
whether the Expressway trusts any pre-existing authenticated indicators - known as P-Asserted-Identity headers -
within the received message) and whether the message was received from a local domain (a domain for which the
Expressway is authoritative) or a non-local domain.
within the received message) and whether the message was received from a local domain (a domain for which the
Expressway is authoritative) or a non-local domain.
Policy
Trust
In local domain
Outside local domain
Check
credentials
credentials
Off
Messages are challenged for
authentication.
authentication.
Messages that fail authentication are
rejected.
rejected.
Messages that pass authentication are
classified as authenticated and a P-
Asserted-Identity header is inserted into the
message.
classified as authenticated and a P-
Asserted-Identity header is inserted into the
message.
Messages are not challenged for
authentication.
authentication.
All messages are classified as
unauthenticated.
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
are removed.
On
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, without further challenge.
The P-Asserted-Identity header is passed
on unchanged (keeping the originator's
asserted ID).
Identity header are classified as
authenticated, without further challenge.
The P-Asserted-Identity header is passed
on unchanged (keeping the originator's
asserted ID).
Messages without an existing P-Asserted-
Identity header are challenged. If
authentication passes, the message is
classified as authenticated and a P-
Asserted-Identity header is inserted into the
message. If authentication fails, the
message is rejected.
Identity header are challenged. If
authentication passes, the message is
classified as authenticated and a P-
Asserted-Identity header is inserted into the
message. If authentication fails, the
message is rejected.
Messages are not challenged for
authentication.
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed
on unchanged.
Identity header are classified as
authenticated, and the header is passed
on unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Identity header are classified as
unauthenticated.
Do not check
credentials
credentials
Off
Messages are not challenged for
authentication.
authentication.
All messages are classified as
unauthenticated.
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
are removed.
Messages are not challenged for
authentication.
authentication.
All messages are classified as
unauthenticated.
unauthenticated.
Any existing P-Asserted-Identity headers
are removed.
are removed.
On
Messages are not challenged for
authentication.
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Identity header are classified as
authenticated, and the header is passed on
unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Identity header are classified as
unauthenticated.
Messages are not challenged for
authentication.
authentication.
Messages with an existing P-Asserted-
Identity header are classified as
authenticated, and the header is passed
on unchanged.
Identity header are classified as
authenticated, and the header is passed
on unchanged.
Messages without an existing P-Asserted-
Identity header are classified as
unauthenticated.
Identity header are classified as
unauthenticated.
120
Cisco Expressway Administrator Guide
Device Authentication