Blueworx Voice Response supports
IPSEC on signaling information. IPSEC is a method of making the Internet
Protocol as secure as possible by using authentication, integrity
checking, and encryption.
IPSEC allows protection of:
- Broad communications (messages entering and leaving an interface)
- Singular connections (communications over a single TCP connection).
The three main services that IPSEC provides are:
- Authentication
  - The method by which a process may identify and verify a known
    host or end point.
- Integrity checking
  - Allows a receiver of an IP packet to check that the packet has
    not been modified between being sent and being received.
- Encryption
  - Securely hides the data and IP address information of a packet
    from anyone attempting to discover the content of the packet.
Each of these services can be configured by an administrator
to give a flexible security facility.
These services are generally implemented and configured
using one of two protocols:
- Authentication Header (AH) which provides services for Authentication
and Integrity Checking.
- Encapsulating Security Payload (ESP) which provides confidentiality
services (encryption) as well as services for Authentication and Integrity
Checking.
Both protocols are suitable for IPv4 and IPv6.
Security Associations (SAs) exist to help provide IPSEC
services. Specific sets of security parameters are mapped to a particular
packet flow, such that a Security Association is established between
a pair of hosts or gateways in a one-way connection. Security parameters
include:
- IP address information
- An identifier known as the Security Parameters Index (SPI)
- The encryption and authentication methods in use
The Security Association provides all the information
needed to set up a secure session using either AH or ESP.
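As an added illustration (not part of the Blueworx documentation), the following Python example recognises AH and ESP packets by their IP protocol numbers, reads the SPI from each header, and groups packets by one-way Security Association, so that traffic in each direction appears under its own SPI. The addresses, SPI values and function names are constructed for the example, and only IPv4 is handled.

```python
import socket
import struct
from collections import Counter

ESP, AH = 50, 51  # IANA IP protocol numbers for ESP and AH

def parse_ipsec(packet: bytes):
    """Return (src, dst, protocol, spi, seq) for an IPv4 AH/ESP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return None                      # too short, not IPv4, or bad header length
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if proto == ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])   # ESP starts with SPI, sequence
        return (src, dst, "ESP", spi, seq)
    if proto == AH and len(body) >= 12:
        # AH: next header, payload length, reserved, then SPI and sequence
        _next, _plen, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        return (src, dst, "AH", spi, seq)
    return None                          # any other protocol is not IPSEC

def security_associations(packets):
    """Count packets per one-way SA, keyed by (src, dst, protocol, SPI)."""
    sas = Counter()
    for pkt in packets:
        parsed = parse_ipsec(pkt)
        if parsed:
            sas[parsed[:4]] += 1
    return sas

def _ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at zero; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample traffic: documentation addresses and made-up SPIs.
SAMPLE = [
    _ipv4("192.0.2.10", "192.0.2.20", ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 16),
    _ipv4("192.0.2.10", "192.0.2.20", ESP, struct.pack("!II", 0x1001, 2) + b"\x00" * 16),
    _ipv4("192.0.2.20", "192.0.2.10", ESP, struct.pack("!II", 0x2002, 1) + b"\x00" * 16),
    _ipv4("192.0.2.10", "192.0.2.20", AH, struct.pack("!BBHII", 17, 4, 0, 0x3003, 1) + b"\x00" * 12),
    _ipv4("192.0.2.10", "192.0.2.20", 17, b"\x00" * 8),  # plain UDP, not IPSEC
]

if __name__ == "__main__":
    for (src, dst, proto, spi), n in security_associations(SAMPLE).items():
        print(f"{src} -> {dst} {proto} SPI=0x{spi:08x} packets={n}")
```

The two ESP entries with opposite source and destination carry different SPIs, which is the one-way property of a Security Association described above.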
Generally, IPSEC uses a Virtual Tunnel between hosts to
provide a secure connection and to initiate Security Associations;
this may be over a Virtual Private Network (VPN). Virtual Tunnels
can also be used between network subnets, and they allow filter rules
to be built so that packets are accepted or rejected based on these
rules.
Generally in IPSEC, ESP is used in conjunction with an
IPSEC tunnel. In AIX, an IKE tunnel is frequently used.
Blueworx Voice Response supports
IPSEC on signaling information (using the AIX IP stack), but not on
media information as this is routed through DTEA.