If you need to achieve security, why don't you let the proxy server authenticate callers using digest identity and the gateway trust the proxy by ip address?
That's the most common practice today, we use it with our Cisco gateway too.
-jiri
At 04:27 PM 10/23/2003, Harry Behrens wrote:
Hello,
we have the following setup in our "Unified Messaging lab":
SUAs <-> LAN <-> SER <-> Softswitch <-> PSTN
The SER is provisioned as a SIP Server (essentially a SUA) from the Softswich point of view.
We have provisioned a number block of 20 numbers (from a 30-channel ISDN PRI) for direct inward dialling (DID) to the SER. E.g. 12345620-12345639 are routed to the SER.
On the SER we have a number of users <user>@dai-labor.de, where the first 20 users have an alias of 123456[23][0-9] Each user also has his number added to his permanent contacts to enable (on the cheap) a "call by PSTN if not online" poliy.
The aim obviously being to have a 1-1 mapping between URI and allocated telephone number (we are still in the proof-of-concept phase and will move to DNS and ENUM based architecture at a later stage).
Scenario 1: OK PSTN user Up calls 12345621 - which is mapped to harry@dai-labor.de. If harry@dai-labor.de is registered, his SIP UA rings and the call is established.
Scenario 2: problem harry@dai-labor.de wants to use his UA to place a call through the Softswitch. The Softswitch "authenticates" (if you can call this authentication ;-( by looking at the Contact header and comparing it to its database of numbers assigned to provisioned SIP Servers. I therefore need to be able to specify a rewrite of the Contact header to replace harry@<Contact IP:port> with 12345621@<Contact IP:port> when the callee is of the form <number>@<whatever>
I am aware that this would be strictly speaking not proxy but rather B2BUA behaviour, but would still be interested to know whether anyone has a solution to this problem or whether we need to hack one ourselves.
Many thanks in advance,
HarryDr. Harry Behrens Projektleitung BIB3R DAI Labor - Technische Universität Berlin Sekretariat GOR 1-1, Franklinstrasse 28/29, 10587 Berlin
Fon: +49 30 314 23383 Fax: +49 30 314 21799
Email: harry.behrens@dai-labor.de
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
-
Jiri Kuthan