Juha Heinanen wrote:
Jan Janak writes:
The gateway should check if the request is coming from the IP and port of the trusted proxy server and in addition to that it should verify that the Request-URI contains the IP (not hostname) and port that belongs to the gateway.
just to let people know, cisco ios gws do NOT check host part of request-uri belongs to itself and thus happily process any invite they receive. as far as i know, there is currently no way to configure such a check in ios gws.
Thus you should not allow loose_routing for out-of-dialog requests. Even if a customer bypasses your PSTN routing logic by using a sip uri with a domain which resolves to the IP address of the gateway, you can bill the call as the user was authenticated.
regards, klaus