if helps, you can set with a bind interface command (loopback) only for signalling and another only for RTP (IOS T Train feature set) and then apply an ACL for trusted Proxys...indeeed, the check for the R-URI I think doesnt't exist anymore...
Regards,
verbal ----- Original Message ----- From: "Juha Heinanen" jh@tutpro.com To: "Jan Janak" jan@iptel.org Cc: serusers@lists.iptel.org; "Michael Ulitskiy" mulitskiy@acedsl.com Sent: Friday, May 27, 2005 9:12 AM Subject: Re: [Serusers] Loose routing question
Jan Janak writes:
The gateway should check if the request is coming from the IP and port of the trusted proxy server and in addition to that it should verify that the Request-URI contains the IP (not hostname) and port that belongs to the gateway.
just to let people know, cisco ios gws do NOT check host part of request-uri belongs to itself and thus happily process any invite they receive. as far as i know, there is currently no way to configure such a check in ios gws.
-- juha
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers