SIPTRUNK offers IP-based authentication as an alternative to credential-based registration. When IP authentication is implemented on one of your SIP trunks, SIPTRUNK will authenticate your SIP traffic based off the Contact header instead of the Authentication header. This method is useful for several reasons, but does require a static public IP from your ISP.
How IP Authentication Works on SIPTRUNK
IP Authentication must be configured on your SIP trunk. Inbound calls routed through that SIP trunk will then only be delivered to the public IP you configured. Likewise, outbound calls can only originate from that IP address. SIPTRUNK will reject all other SIP traffic from different IP addresses.
You can only use the IP Authentication method or credential-based registration, not both simultaneously. However, you can switch between methods via the SIP trunk configuration options in the customer portal and the changes will immediately go into effect.
How to Configure Your SIP Trunk for IP Authentication
In the customer portal, hover over the “SIP Trunking” tab and choose the "SIP Trunks” submenu option. All SIP trunks on the account are listed on this page. Find the relevant SIP trunk and click on the option “Modify trunk” to expand multiple options.
Check the box “IP Authentication” and fields will appear to enter the contact IP address and port. Submit the changes to complete the configuration.
IMPORTANT: Once you enable IP authentication on a SIP trunk, you will no longer be able to route traffic through different SIP trunks via digest registration using that same public IP. The gateways will ignore the REGISTER packet, and immediately route the traffic through the IP Authentication-enabled SIP trunk associated with that same public IP.
Unlike digest registration, there is no viewable registration status for IP Auth in the SIPTRUNK customer portal. You will only see “IP Auth” in the Registration Status of the SIP trunk. Proceed with setup of the inbound and outbound routing in the PBX. Once that is complete, place test calls to confirm IP authentication is working correctly.
Configure Your PBX for IP Authentication
Additional configuration may be required per the PBX make and model. Some PBX models have specific settings for IP Authentication. Refer to our Device Setup Guides for additional information.
You will need to ensure that you use the matching IP you configured in the customer portal if your network has access to multiple static public IPs. You also must ensure the system will accept SIP traffic from all SIPTRUNK gateways including gw1, gw2, gw4, and gw5. Refer to this article on Interconnecting with SIPTRUNK for the FQDN and IP list and additional whitelisting recommendations.
Use Cases for IP Authentication
Enhanced security is the most common reason users tend to opt for IP authentication. However, it can be a useful alternative when experiencing issues with credential-based registration.
Auth header issues - Try IP authentication if you have a static IP and you are having difficulty properly formatting an Authentication header or suspect that a firewall is interfering with the information in the Authentication header.
Dropping registrations - Another scenario in which IP authentication may be useful is if the SIP trunk registration randomly drops and the SIP device requires a manual registration to reestablish the connection again. Since IP authentication only authenticates based off the Contact header, register packets are not required. The SIP trunk will only register when call traffic passes, and we will always have your static IP on file regarding what traffic to accept and where to send inbound calls.
Comments