Anyone have any good/solid information on properly securing the IPO (500v2 on 11.x) to allow J179 SIP phones to connect over the Internet? I would like to use TLS and ensure that only phones with the cert can connect and try to log in but I can't find any good docs on the entire process from start to finish.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Securely Using Avaya IPO with SIP Jxxx phones on Internet 1
- Thread starter xlntech
- Start date
-
1
- #2
Well, it's up the client to trust the server's certificate. It's only a security feature on the client side that it refuses the server certificate if it's not trusted. A hacker isn't going to care and will send SIP registers thru anyway.
IPO doesn't support mutual TLS where the phone requires an identity certificate to setup a TLS handshake. Session Manager and the SBC allow for that.
Best you can really do is TLS, SRTP, and use the security settings to lock out an account after X tries
IPO doesn't support mutual TLS where the phone requires an identity certificate to setup a TLS handshake. Session Manager and the SBC allow for that.
Best you can really do is TLS, SRTP, and use the security settings to lock out an account after X tries
- Status