SIP.US offers IP-based authentication as an alternative to credential-based registration. When IP authentication is implemented on one of your SIP trunks, SIP.US will authenticate your SIP traffic based off the Contact header instead of the Authentication header. This method is useful for several reasons, but does require a static public IP from your ISP.
How IP Authentication Works on SIP.US
IP Authentication must be configured on your SIP trunk. Inbound calls routed through that SIP trunk will then only be delivered to the public IP you configured. Likewise, outbound calls can only originate from that IP address. SIP.US will reject all other SIP traffic from different IP addresses.
You can only use the IP Authentication method or credential-based registration, not both simultaneously. However, you can switch between methods via the SIP trunk configuration options in the customer portal and the changes will immediately go into effect.
How to Configure Your SIP Trunk for IP Authentication
In the customer portal, hover over the “SIP Trunking” tab and choose the "SIP Trunks” submenu option. All SIP trunks on the account are listed on this page. Find the relevant SIP trunk and click on the option “Modify trunk” to expand multiple options.
Check the box “IP Authentication” and fields will appear to enter the contact IP address and port. Submit the changes to complete the configuration.
Unlike digest registration, there is no viewable registration status for IP Auth in the SIP.US customer portal. You will only see “IP Auth” in the Registration Status of the SIP trunk. Proceed with setup of the inbound and outbound routing in the PBX. Once that is complete, place test calls to confirm IP authentication is working correctly.
Configure Your PBX for IP Authentication
Additional configuration may be required per the PBX make and model. Some PBX models have specific settings for IP Authentication. Refer to our Configuration Guides for additional information.
You will need to ensure that you use the matching IP you configured in the customer portal if your network has access to multiple static public IPs. You also must ensure the system will accept SIP traffic from all SIP.US gateways including gw1, gw2, gw4, and gw5. Refer to this article on Interconnecting with SIP.US for the FQDN and IP list and additional whitelisting recommendations.
Use Cases for IP Authentication
Enhanced security is the most common reason users tend to opt for IP authentication. However, it can be a useful alternative when experiencing issues with credential-based registration.
Auth Header Issues - Try IP authentication if you have a static IP and you are having difficulty properly formatting an Authentication header or suspect that a firewall is interfering with the information in the Authentication header.
Dropping Registrations - Another scenario in which IP authentication may be useful is if the SIP trunk registration randomly drops and the SIP device requires a manual registration to reestablish the connection again. Since IP authentication only authenticates based off the Contact header, register packets are not required. The SIP trunk will only register when call traffic passes, and we will always have your static IP on file regarding what traffic to accept and where to send inbound calls.
Comments