Authentication types and DID routing.

SIP standards and device configuration

VoiceTel uses SIP for call signaling. SIP is an industry-standard protocol defined by IETF RFCs and is designed for interoperability between compliant platforms, PBXs, SBCs, gateways, and applications.

VoiceTel's SIP service follows applicable RFC behavior. Because SIP is standards-based, VoiceTel does not require certification from a third-party PBX, software vendor, or device manufacturer for a customer system to connect.

Customers are responsible for configuring their own PBX, SBC, firewall, and network environment correctly. Authentication type, source-IP controls, registration behavior, DID routing, NAT handling, and outbound call formatting must match the customer's infrastructure.

VoiceTel provides the service settings, authentication options, SIP domains, and routing controls. The customer or their PBX vendor applies those settings on customer-managed equipment.

Authentication types

VoiceTel supports four authentication type settings:

The correct authentication type depends on the customer's PBX, SBC, firewall, network design, and routing requirements. VoiceTel does not recommend a single authentication type for every deployment — the customer selects and configures the option that matches their infrastructure.

IP address list

When IP-based authentication is used, the customer maintains the approved IP address list. This applies to:

• Lax (Digest | IP)
• IP
• Strict (Digest + IP)

IP addresses can be added to or removed from the list as needed. Configured IP addresses should match the public source IP addresses that VoiceTel will see when SIP traffic reaches the VoiceTel network.

If a customer changes firewalls, SBCs, internet circuits, NAT behavior, or public IP addresses, they should review and update the IP address list before expecting IP-based authentication to work.

DID routing behavior

Authentication type controls how VoiceTel authorizes SIP traffic. DID routing controls where inbound calls are delivered.

Inbound call delivery is driven by the DID routing configuration. Customers should test and confirm the configuration that works correctly for their specific PBX, SBC, firewall, and network environment.

Routing DIDs with Digest authentication

When Digest authentication is used, inbound calls can follow the Digest route associated with the SIP registration. Digest routing is based on the registration point — VoiceTel routes calls toward the registered endpoint using the most appropriate route for the registration location.

1. Confirm that the PBX is configured for Digest authentication.
2. Confirm that the PBX is registering successfully with the assigned SIP username and password.
3. Open the DID routing configuration for the DID.
4. Set the DID to use the appropriate Digest route.
5. Save the DID routing configuration.
6. Place an inbound test call to the DID.
7. Confirm that the call reaches the registered PBX.
8. If the call does not route as expected, verify that the PBX is still registered and that the DID is assigned to the correct Digest route.

Customers using Digest authentication should confirm the PBX registration is stable before troubleshooting DID routing.

Routing DIDs with IP authentication

When IP authentication is used, inbound calls must be routed through a configured Route Destination. IP authentication does not rely on a PBX registration contact for inbound delivery — the DID must be pointed to a destination that tells VoiceTel where to send the call.

1. Confirm that the authentication type is set to an IP-based mode: Lax (Digest | IP), IP, or Strict (Digest + IP).
2. Confirm that the customer's public source IP address is present in the approved IP address list.
3. Add or update the approved IP address list if needed.
4. Open the DID routing configuration for the DID.
5. Select Add Route Destination.
6. Choose the destination type that matches the customer's PBX, SBC, application, or VoiceTel platform service.
7. Enter or select the destination value — IP address, IP address with optional port using IP:PORT, hostname, SIP URI, platform-specific product, or an existing route destination. Examples:

   203.0.113.10
   203.0.113.10:5060

8. Optionally select geographic routing if the destination should use a specific VoiceTel region or ingress path.
9. Save the route destination.
10. Assign the DID to the new or existing route destination.
11. Save the DID routing configuration.
12. Place an inbound test call to the DID.
13. Confirm that the call reaches the expected PBX, SBC, application, or platform service.

When routing a DID to an IP-authenticated destination, the destination may be entered as an IP address or as an IP address with a port using IP:PORT. The correct port depends on the customer's PBX, SBC, firewall, and SIP listener configuration.

If IP authentication is enabled but the DID is not assigned to a valid route destination, inbound calls may not route as expected.

Route destination options

When adding or modifying DID routing, the routing type determines how calls are presented or where they are delivered.

Select the routing type that matches how the PBX, SBC, application, or VoiceTel platform service expects to receive calls.

Lax and Strict modes

For Lax (Digest | IP) and Strict (Digest + IP), inbound behavior still depends on the DID routing configuration. Authentication type determines what VoiceTel will accept; DID routing determines where the call is sent.

Lax mode

In Lax mode, VoiceTel accepts SIP traffic that matches either valid Digest authentication or the approved source IP address list. For IP-based authentication in Lax mode, the source IP address must still match the approved IP address list.

Strict mode

In Strict mode, the SIP request must pass Digest authentication and come from an approved source IP address. Customers using Strict mode should verify both:

1. The PBX is using the correct SIP username and password.
2. The source IP address is present in the approved IP address list.

The DID must still be routed according to the desired inbound behavior.

Geographic routing

When configuring IP-auth DID routing, customers may optionally select a geographic route destination. Geographic routing is used when a destination should be associated with a specific VoiceTel region or ingress path. The correct selection depends on the customer's infrastructure, network design, redundancy model, and testing results.

Test the available configuration options and confirm the routing behavior that works best for the deployment.

Outbound calling with IP-based authentication

All IP-based authentication modes require the same outbound call format. This applies to:

• Lax (Digest | IP)
• IP
• Strict (Digest + IP)

When any of these modes are used for IP-based authentication, the PBX, SBC, or application must format outbound SIP calls according to VoiceTel's documented IP authentication outbound calling requirements. The outbound format is documented separately; follow that document when configuring outbound calls for any IP-authenticated mode.

Authentication type determines how VoiceTel authorizes the SIP traffic. It does not remove the customer's responsibility to format outbound SIP calls correctly for the selected authentication method and infrastructure.

Customer responsibility

VoiceTel provides SIP service settings, authentication options, IP address controls, registration domains, DID routing controls, and route-destination options. The customer is responsible for configuring and testing their PBX, SBC, firewall, NAT behavior, source IP behavior, DID routing, and outbound SIP format.

If a customer is unsure which authentication or routing configuration is appropriate, review the PBX or SBC documentation, consult the PBX vendor, and test the configuration that best matches the infrastructure.