The IMG 2020 supports SIP Privacy as per RFC 3323 and also supports RFC 3325 which adds the P-Asserted and P-Preferred Identity Headers used within a Trusted Network. SIP Privacy is an extension to SIP that allows parties in a SIP session to withhold their identity and remain anonymous. SIP Privacy is similar to withholding a caller ID in the PSTN. Below are a few reasons why SIP Privacy would be implemented in a network.
A caller may want to contact a particular party without revealing his/her identity in order to impart information with which they would not like to be associated.
A user may not want the exposure of their identity or any personal information allowed out to some networks or destinations. This will make them a target for unsolicited advertising, legal censure or other undesirable consequences.
A user may want to withhold from participants in a session the identity by which they are known to network intermediaries for the purposes of billing and accounting.
RFC 3325 adds the P-Asserted Identity Header which provides network asserted identity to other trusted network elements such as Application Servers and other Call Agents. The IMG 2020 can select on a gateway by gateway basis which gateways are part of this trusted domain or network and which are not. Below is more information on the fields in the SIP privacy object.
SIP Privacy Diagram
Call Flow
SIP to PSTN Default Call Flow with Remote-Party-Id
SS7 to SIP Default Call Flow with Remote-Party-Id Translation. No Privacy Requested
Configuration
Initial Configuration
The procedure below explains how to configure SIP Privacy on the IMG 2020. Before configuring, the IMG 2020 must have an initial configuration created on it. Follow the Basic Configurations procedure before proceeding.
Enable SIP Privacy on the SIP Profile (SGP) object
The SIP Privacy feature is configured in the SIP Profile (SGP) object. Create the SIP Profile (SGP) object and set the Privacy field to either Disabled, P-Asserted only, Remote-Party only, or Bothand set the Trusted field to either Enabled or Disabled. Once the SIP Profile is configured, it can be associated with entities inside and outside of the trusted domain such as SIP gateways or ISDN/ISUP groups. Refer to procedure below.
Create a SIP Profile (SGP) object. Within the SIP Profile (SGP) object, the Trusted and SIP Privacy fields can be configured.
Right click on the Profiles object and select New SIP Profiles. The SIP Profiles object is a container or parent object and no configuration is needed here. Refer to the SIP Profiles topic for more information on this object.
Right click on the SIP Profiles object and select New SIP Profile. The initial SIP Profile (SGP) object is a Default object and the fields within this object cannot be modified. Disregard this object.
Right click on the SIP Profiles object again and select New SIP Profile. In the SIP Profile (SGP) object, enter a name in the Name field that identifies the profile being configured. In this procedure, the profile in this procedure was labeled SIP_Privacy_Profile.
In the Trusted field, select from the drop down menu either Disabled or Enabled. Trusted represents a network of gateways/servers that are part of a Trusted Domain. Will the gateway be part of the trusted domain or not? Select accordingly (Default = Enabled). For more information on the configuring the remaining fields refer to the SIP Profile - SGP topic.
In the Privacy field, select from drop down menu either Disabled, P-Asserted only, Remote-Party only, or Both. In this procedure the selection Both was chosen. In this scenario both the P-Asserted and Remote Party Headers will be displayed in the SIP messaging. The P-Asserted/Remote-Party headers should only be added if the IMG 2020 is sending messaging within a Trusted Domain.
Note: When configuring Privacy and the Propagate From Header (SIP to SIP) feature is not being employed, the UserName Bypassed field in the SIP From Header Tags object must be manually modified to Disable. If this setting is not applied, the username in the From Header on the incoming leg will automatically be propagated to the From Header in the outgoing leg. If however, the Propagate From Header (SIP to SIP) feature is being employed, leave the UserName Bypassed field set to Enable. Refer to the Propagate From Header (SIP to SIP) feature topic for more information on this feature.
Configure the External Gateway object
Configure the external gateway that the SIP channel group will send messages to.
Right click on the IMG 2020 physical node object and select New External Network Elements. The External Network Elements object allows multiple external network element objects to be created under it. There is no configuration required in this object. Refer to the External Network Elements topic for more information.
Right click on External Network Elements object and select New External Gateways. The External Gateways object allows multiple gateway objects to be created under it. There is no configuration required in this object. Refer to the External Gateways topic for more information.
Right click on External Gateways object and select New External Gateway. Enter a name in the Name field to identify the gateway being created. In this procedure the name given was SIP_Privacy_GW. Refer to the screen capture below.
|
|
Configure SIP Signaling
The configuration above displays how to configure the SIP Profile and External SIP Gateway so that the SIP Privacy functionality is configured. The next step is to configure the SIP signaling stack and SIP Channel Groups. Refer to the Configure SIP (Single SIP IP) topic for a procedure on how to configure the SIP functionality.
Configure SIP Privacy in ISUP Group
SIP Privacy can be configured to an ISUP group configured under the SS7 Signaling stack as well as the ISDN Group configured under the ISDN Signaling stack. The screen captures below display where to configure SIP privacy on the TDM side. To enable Privacy for an ISDN Group or an ISUP Group, set the Discard Privacy Info field in the ISDN Group object or the ISUP Group pane to one of the setting displayed below.
SS7 ISUP Group - Refer to Configure SS7 topic for information on where the ISUP group is configured.
ISDN Group - Refer to the Configure ISDN topic for more information on where the ISDN Group is configured.