The VCS supports SIP over UDP, TCP and TLS transport protocols. You can configure whether or not
incoming calls using each protocol are supported, and if so, the ports on which the VCS will listen
for such calls. You can also specify the range of ports the VCS will use once calls are established.
This range must be sufficient to support all required concurrent calls.

Using the VCS as a SIP Proxy Server

When

SIP mode

has been enabled the VCS may act as a SIP Proxy Server. The role of a Proxy

Server is to forward requests (such as REGISTER and INVITE) from endpoints or other Proxy
Servers. These requests are forwarded on to other Proxy Servers or to the destination endpoint.
Whether or not the VCS acts as a SIP Proxy Server, and its exact behavior when proxying requests,
is determined by the

SIP Registration Proxy Mode

setting. In addition, this also depends on the

presence of Route Set information in the request header and whether or not the Proxy Server from
which the request was received is a Neighbor of the VCS.
A Route Set can specify the path that must be taken when requests are being proxied between
an endpoint and its Registrar. For example, when a REGISTER request is proxied by a VCS, the
VCS adds a Path header component to the request which signals that the VCS must be included
on any call to that endpoint. The information is usually required in situations where firewalls exist
and the media must follow a specified path in order to successfully traverse the firewall. For more
information about the path header field, see

RFC 3327 [10]

When the VCS proxies a request that contains existing Route Set information, it will forward it
directly to the URI specified in the path. Any call policy configured on the VCS will therefore be
bypassed. This may present a security risk if the information in the Route Set cannot be trusted.
For this reason, you can configure the VCS with three different behaviors when proxying requests,
as follows:

If the

•

SIP Registration Proxy Mode

setting is

Off

, the VCS will not proxy any requests that have

an existing Route Set. Requests that do not have an existing Route Set will still be proxied in
accordance with existing call policy (e.g. zone searches and transforms). This setting provides
the highest level of security.
If the setting is

•

Proxy to Known Only

, the VCS will proxy requests with an existing Route Set only

if the request was received from a Neighbor zone (including Traversal Client and Traversal Server
zones). Requests that do not have an existing Route Set will be proxied in accordance with
existing call policy.
If the setting is

•

Proxy to any

, the VCS will proxy all requests. Those with existing Route Sets will

be proxied to the specified URI; those without will be proxied in accordance with existing call
policy.

SIP Overview

At least one of the UDP, TCP or TLS transport protocols must be set to a

Mode

order for SIP functionality to be supported.