Support / Voice / SIP Trunking / IP termination using From tag
IP termination using From tag.
VoiceTel supports IP-authenticated outbound SIP termination for customers who prefer to authorize outbound traffic by source IP address instead of registration. The outbound SIP request must include the correct caller ID header and the correct From tag so VoiceTel can associate the call with the proper account and IP access list.
Network endpoints
Use one of the following VoiceTel termination endpoints:
geo.voicetel.com
bgp.voicetel.comBoth endpoints are available for IP-authenticated outbound traffic. Test the endpoint that works best for the network path, routing behavior, PBX, SBC, and firewall configuration.
Caller ID and From tag requirements
Outbound traffic must include a supported caller ID header and the correct From tag.
Caller ID header
Use one of the following caller ID header types:
P-Asserted-Identity
Remote-Party-IDFrom tag
The From tag must contain the account username. VoiceTel uses the username in the From tag to associate the outbound traffic with the correct account and approved IP address list.
The From username must equal the SIP account username, not the caller ID. Substituting the caller ID for the account username is the most common reason IP-authenticated outbound calls fail with a 403 or 401.
Asterisk example
Example using account username 1234567890:
host=geo.voicetel.com
fromdomain=geo.voicetel.com
fromuser=1234567890
username=1234567890
; IP-authenticated termination should not use a registration line.
; Remove or comment out the register statement.
;register => 1234567890:PASSWORD@geo.voicetel.com:5060/1234567890~360FreeSWITCH example
Example using account username 1234567890:
<param name="username" value="1234567890" />
<param name="from-user" value="1234567890" />
<param name="proxy" value="geo.voicetel.com" />
<param name="realm" value="geo.voicetel.com" />
<param name="register" value="false" />Add approved IP addresses
To use IP authentication, add the customer source IP addresses to the approved IP address list.
- Log in to the VoiceTel portal.
- Go to Settings.
- Open Authentication.
- Click + IP.
- Add the public source IP address that VoiceTel will see when the PBX, SBC, or firewall sends SIP traffic.
- Save the change.
- Select the authentication type that matches the customer configuration.
Authentication type
Available authentication types:
| Authentication type | Behavior |
|---|---|
| Digest | Allows outbound calls using SIP Digest authentication. |
| Lax (Digest | IP) | Allows traffic that matches either valid Digest authentication or the approved source IP address list. |
| IP | Allows traffic only when the source IP address matches the approved IP address list. |
| Strict (Digest + IP) | Requires both valid Digest authentication and a matching approved source IP address. |
See Authentication types and DID routing for how each mode interacts with inbound DID delivery.
Changing authentication type can affect inbound DID behavior. Confirm DID routing after changing authentication type, approved IP addresses, or outbound call formatting.