On Wed, 11 Feb 2004, Alan Litster wrote:
Hi,
We have a few local domains that we will be using SER act as a proxy and to protect our gateway. In the near future we will also be providing PSTN breakout for other SIP domains that are not on our proxy.
What is the best way to allow traffic from certain know SIP domains out through our gateways? I've thought about having users authenticate to our proxy, but this could get very complex and messy serving multiple local & remote domains. Other option is just to allow traffic through from the trusted domains I guess.
You can use radius authentication. This way, you can authenticate your local users/domains and proxy the auth radius requests to a remote radius owned/managed by your customer for external users.
One last question, is any one familiar with the Cisco AS5300? How do you go about locking it down so that only authorised users can pass calls out onto the PSTN?
Set an access-list in your gateway that only accepts traffic to port 5060 from your ser proxy.
We have a number of Vega 100's that have the option of only allow proxy invited calls. Is there something similar on the AS5300 or would that have to do authentication aswell, AAA ?
Cisco AS5xxx can only do Microsoft Passport Authentication for SIP :(
Saludos JesusR.
------------------------------- Jesus Rodriguez VozTelecom Sistemas, S.L. jesusr@voztele.com http://www.voztele.com Tel. 902360305 -------------------------------