Add or Edit SIP Devices
Use this procedure to add SIP devices and register their credentials for secure authentication on the MBG (set-side) and the ICP-side. Credentials for MBG (set-side) and the ICP (icp-side) do not have to be the same.
Note that SIP device access is always restricted to authorized users. Clients must pass a registration at the MBG server before being passed through to the ICP for approval.
To add a SIP device:
- On the MBG main page, click the Teleworking tab and click SIP.
- Click the + sign.
- Update the device options as required and then click Save.
Field
Description
Notes
Profile
Enabled
Select to enable the set and allow it to connect to the ICP. Clear the check box to disable access.
Description
Enter a description for this SIP client/device.
For example, JSmith
Connection
Configured ICP
Select the ICP to which this device will connect.
Availability
Select the SIP device/client availability:
-
Everywhere to enable the configured SIP credentials to be used to register a SIP device or WebRTC subscriber.
-
SIP devices only to enable the configured SIP credentials to be used to register a SIP device (but not a WebRTC subscriber).
-
WebRTC only to enable the configured SIP credentials to be used to register a WebRTC subscriber (but not a SIP device).
Default is Everywhere
Cluster Zone
Assign this device to a cluster zone.
Refer to Configure a Cluster Zone for more information.
Set-side Authentication
Username
Enter the set-side (MBG side) user name for the SIP client you want to authorize.
For example, smithj.
Note: In Auchan mode, MiVoice Border Gateway usernames must always be associated with a PNI. MiVoice Border Gateway maps between PNI+DN (set-side username) and DN (ICP-side username). In case of duplicate DNs, MiVoice Border Gateway will not allow new user creation.
Password
Enter the set-side password for the SIP client you want to authorize. For security reasons, the password field is always blank.
Choose a secure password that is not trivial. Ensure that it contains letters, numbers, and punctuation. (For example, Mitel*Server1!)
If you attempt to configure a weak password, you will receive a warning or be prevented from preceding (depending on whether Permit Weak Passwords is enabled).
Whenever you update the username, you can either enter a new password or continue to use the existing password. Note that the password field is always blank.
Confirm
Re-enter the set-side password for confirmation.
ICP-side Authentication
Username
Enter the Username that this SIP client uses to access the ICP.
Leaving these fields blanks causes the ICP-side credentials to default to the same values as set-side credentials. If you have configured a non-trivial set-side password, this will not match the password configured in the ICP and connections for this set will be denied.
We recommend that you enter both credentials for more secure authentication.
Note: In Auchan mode, MiVoice Border Gateway usernames must always be associated with a PNI. MiVoice Border Gateway maps between PNI+DN (set-side username) and DN (ICP-side username). In case of duplicate DNs, MiVoice Border Gateway will not allow new user creation.
Password
Enter the password that this SIP client uses to access the ICP.
Confirm
Re-enter the ICP-side password for confirmation.
Protocol
PRACK support
This option controls whether the “Provisional Response ACKnowledgement” (PRACK) method is used between MBG and the device.
-
Use primary setting to use the global PRACK option programmed on the Settings screen. This option controls whether MBG supports PRACK between itself and the peer, and is the default setting for all SIP devices.
-
Enabled to enable MBG to use PRACK with the selected device while the global PRACK option is disabled.
-
Disabled to prevent MBG from using PRACK with the selected device while the global PRACK option is enabled.
For example, if the PRACK option is globally disabled on MBG and the peer but enabled on the SIP device, then MBG will support PRACK only on calls between itself and the device. Alternatively, if the PRACK option is globally enabled on MBG but disabled on the device, then MBG will use PRACK only between itself and the peer but not with the device.
Default is Use primary setting.
Most peers now support PRACK, which can be useful in interoperability scenarios with the PSTN (see RFC 3262). If the remote SIP device supports PRACK, this option should be enabled.
Options keepalives
This option controls whether SIP “OPTIONS” messages are sent to the SIP device as a keepalive mechanism.
-
Use primary setting to use the global keepalive option programmed on the Settings screen.
-
Never to prevent keepalives from being sent to the selected device.
-
Always to force keepalives to be sent the selected device.
-
Only Behind NAT to send keepalives only if the remote device is behind a NAT server that is not performing traversal such as STUN.
Default is Use primary setting.
Gap register and Send options can be used together or separately.
Heartbeat interval
If "Options keepalives" is enabled, this is the interval at which keep-alive messages are sent. This setting overrides the "Options interval" programmed on the Settings screen.
Challenge methods
Use this setting to specify the challenge methods MBG will use to authenticate the remote SIP device. When an incoming request includes one of these methods, MBG will issue a “401 Authorization Required” response. The device must then retry the request with credentials contained within the message.
To specify methods for the selected device:
-
Click Override.
-
Select one or more of the following methods: Invite, Subscribe, Refer, Prack, Bye, Options, Info, Notify, Update. Use Shift-click and Ctrl-click to select multiple items on the list.
-
After you have finished updating the screen, click Save.
To use the method(s) programmed on the Settings screen, click Use primary setting.
Default is Use primary setting.
The ACK and CANCEL methods cannot be challenged. REGISTER is always challenged.
Media
Local streaming between device calls
Select an option:
- Use global setting: allow the selected remote device to use the global LOCAL streaming option programmed on the Settings screen.
- Enabled: force the remote device to use LOCAL streaming always.
- Disabled: prevent the remote device from using LOCAL streaming.
Default is Use global setting.
RTP Framesize
This setting overrides the default value requested by the ICP or SIP peer request. It should be changed only if your system has specific requirements. For more information about RTP frame size, see the Engineering Guidelines.
-
Use primary setting to allow the selected remote IP Phone to use the global RTP Framesize setting programmed on the Settings screen.
-
Enabled to enable detailed logging for the selected device.
-
Disabled to disable detailed logging for the selected device.
Default is Use primary setting.
Codec support
If you are doing secure call recording and the 3rd-party call recording equipment (CRE) only supports G.711a, G.711u and G.729a, you can restrict MBG to using those codecs. If you are not operating under these limitations, you should allow MBG to use an unrestricted range of codecs:
-
Use primary setting to allow the selected remote device to use the global Codec support setting programmed on the Settings screen.
-
Unrestricted to the selected remote device to use any codec.
-
Restricted to G.729, G.711 to force the selected remote device to useG.711a, G.711u, or G.729a.
Default is Use primary setting.
Tone Injection
Enabled
With this option enabled, a configurable tone will be injected into all calls. See Tone Injection for details.
-
Frequency sets the pitch of the tone.
-
Duration defines the length of the tone.
-
Interval controls the time between the played tones.
-
Volume sets the volume of the tone. The values towards zero are louder.
-
Mix/Replace controls whether to mix the tone into the audio stream, or replace the audio stream with the tone while playing.
-
Direction defines whether to play the tone in the audio stream going towards:
-
RX: the set
- TX: the ICP
- RXTX: both
-
Note: To disable the tone, clear the Enabled option and select Use primary.
Default is Use primary setting.
Set-side RTP security
This setting controls whether streaming between MBG and the specific TeleWorker SET device user should be encrypted (SRTP) or not encrypted (RTP); refer to the MBG Engineering Guidelines for further details.
Inbound
-
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
-
SRTP or RTP: Accept any inbound SRTP or RTP offers on the TeleWorker SET-side for the given user
-
SRTP only: Accept ONLY inbound SRTP offers on the TeleWorker SET-side for the given user – reject inbound RTP offers on the SET side for the given user
-
RTP only: Accept ONLY inbound RTP offers on the TeleWorker SET-side for the given user – reject inbound SRTP offers on the SET side for the given user
Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the specific given remote TeleWorker SET device user must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.
Default is Use primary setting.
Outbound
-
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
-
SRTP only: Only use SRTP when making outbound offers on the TeleWorker SET-side for the given user
-
RTP only: Only use RTP when making outbound offers on the TeleWorker SET-side for the given user
-
AVP+crypto: Use both SRTP or RTP when making outbound offers on the TeleWorker SET-side for the given user (SRTP preferred over RTP)
Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the specific given remote TeleWorker SET device user must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.
Default is Use primary setting.
Preferred cipher
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the TeleWorker SET-side for the given user.
AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers on the TeleWorker SET-side for the given user.
Default is Use primary setting.
ICP-side RTP security
This setting controls whether streaming between MBG and the ICP should be encrypted (SRTP) or not encrypted (RTP); refer to the MBG Engineering Guidelines for further details.
Inbound
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
SRTP or RTP: Accept any inbound SRTP or RTP offers on the ICP side for the given user.
SRTP only: Accept ONLY inbound SRTP offers – reject inbound RTP offers on the ICP side for the given user.
RTP only: Accept ONLY inbound RTP offers – reject inbound SRTP offers on the ICP side for the given user.
Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.
Default is Use primary setting.
Outbound
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
SRTP only: Only use SRTP when making outbound offers on the ICP side for the given user.
RTP only: Only use RTP when making outbound offers on the ICP side for the given user.
AVP+crypto: Use both SRTP or RTP when making outbound offers on the ICP side for the given user (SRTP preferred over RTP).
Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.
Default is Use primary setting.
Preferred cipher
Use primary setting: Use the value configured in GLOBAL SIP options menu for the given user.
AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the ICP side for the given user.
AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers for the given user.
Default is Use primary setting.
-
Edit SIP Devices
To edit a SIP device:
- On the MBG main page, click the Teleworking tab and then click SIP.
- In the device listing, locate the device you want edit and click
.
- Edit device information as required.
- Click Save.
Delete SIP Devices
To delete a SIP device:
- On the MBG main page, click the Teleworking tab and then click SIP.
- In the device listing, locate the device you want to delete and click
.
- Click Delete. The deletion is confirmed.