Call Server Configuration
Polycom, Inc. 266
All authentication configurations are supercluster-wide, but note that the default realm for SIP device
authentication is the cluster’s domain as specified on the Admin > Local Cluster > Network Settings page
(or sip.dma if no domain is specified). This allows each cluster in a supercluster to have its own realm for
challenges.
The Device Authentication page has two tabs, Inbound Authentication and Shared Outbound
Authentication.
Inbound Authentication
On the Inbound Authentication tab, you can:
● Configure specific SIP digest authentication settings for SIP devices.
● Maintain the Call Server’s local inbound device authentication list. This list is used for both H.235
authentication (H.323 devices) and SIP digest authentication (SIP devices).
● Click the Signaling settings link to go to the Signaling Settings page, where you actually enable
device authentication for H.323, SIP, or both (see Signaling Settings).
Shared Outbound Authentication
On the Shared Outbound Authentication tab, you can maintain the Call Server’s general list of
authentication credentials, which it uses to authenticate itself on behalf of calling devices to external SIP
peers for which the appropriate device-specific credentials haven’t been defined.
The Call Server intercepts and responds to authentication challenges from SIP peers on behalf of some or
all devices calling though the Call Server. This feature allows authentication security between the Call
Server and its peers to be completely separate from security between the endpoints and the Call Server.
When you add an external SIP peer, you can specify whether the Call Server handles challenges (401 and
407) on behalf of the source of the call or passes them on to the source of the call. You can also define
authentication credentials specifically for that SIP peer. See Add External SIP Peer Dialog.
The following table describes the fields on the Device Authentication page.
Note: Neighbor gatekeepers and H.235 authentication
For H.323, when you add a neighbor gatekeeper, you can configure the system to send its H.235
credentials when it sends address resolution requests to that gatekeeper. See Add External
Gatekeeper Dialog.
Field Description
Inbound Authentication
SIP device authentication settings
Use default realm This option, the default, sets the realm for the Call Server to the cluster’s
domain as specified on the Network Settings page (allowing each cluster of
a supercluster to have its own realm). If no domain is specified on the
Network Settings page, the default realm value is sip.dma.
Clear the check box to change the string in the Realm field.