Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

CUCM Authentication on INVITE

We have a requirement to have CUCM challenge for authentication when it receives an invite from a SIP 3rd Party Device.  Apparently, this functionality is available on other PBXs.  How do we configure it on CUCM?

Thanks!

Jeff

Everyone's tags (3)
2 REPLIES
Hall of Fame Super Silver

CUCM Authentication on INVITE

Jeff,

This is not available in CUCM, you need to include CUBE in the path. One of the drawbacks of direct SIP trunk to CUCM. All Cisco deployments strongly recommend CUBE.

HTH,

Chris

VIP Super Bronze

Re: CUCM Authentication on INVITE

This is that rare situation where I have to disagree with Chris. CUCM supports DIGEST Authentication - as the challenging party - on both the line and trunk side. It does not support replying to a DIGEST challenge though; for that you do need CUBE. This behavior is driven by the Security Profile assigned to the device/trunk. You can actually see an example of this in the Unity Connection Configuration guide where "with authentication" is one of the choose-your-own-adventure paths you can take.

Based on the phrase "3rd Party Device" (i.e. not trunk), I'm guessing you mean a phone/endpoint here. Copy the default security profile for 3rd party basic/advanced, require authentication, create an end user and set the DIGEST Password on it, then set that as the DIGEST User on the device.

Just be advised that the password is only protected by an MD5 hash within the SIP traffic so it's not secure from man-in-the-middle attacks unless you layer TLS on top of it.

Please remember to rate helpful responses and identify helpful or correct answers.

154
Views
0
Helpful
2
Replies
CreatePlease to create content