SIP: P-Asserted-Identity SIP Header mondification

ShoreTel/Mitel allows users to move their extension from one location to another as long as they are configured on the ShoreTel/Mitel system. This not only gives the users the ability to travel between sites with the same extension but also the same DID and Caller ID. This is a really cool feature but it also can create a issue with making cretin calls.

For example you have two sites, we will call them Site A and Site B, and each site has their own external SIP trunks for outbound dialing. We have a user name Jeremy, Jeremy usually works from Site B, and that is also where his DID resides on Sites B SIP trunks. Today Jeremy needs to go to Site A for the day to work. Once there he logs in to a phone and is able to make local and long distance calls like normal going out the Site A SIP trunks with his caller ID even though it does not belong to the Site A SIP trunks. He needs to dial a 800 number to join conference bridge but the call is unable to connect.

This issue is something I have run into a lot. This call is being blocked by the carrier because the caller ID does not match any of the caller ID's that resides on those external trunks. There are a lot of hacks out there that allow people to spoof calls to dial 800 numbers and this is know as toll fraud. One way the carriers combat this is only allowing caller IDs that reside on that circuit to make 800 number calls. There are a number of ways to resolve this by modifying the SIP header to include the Billing Telephone Number (BTN) of that circuit. The way I have resolved it is by configuring P-Asserted-Identity (PAI) on the Ingate SIParator.

The way to do this is, on the SIP Trunk group page in the SIParator, you need to modify the User Name in the Outgoing Calls under the PBX Lines. It normally just has a $1 in the User Name field to pass through the caller ID that it is being presented with from the PBX.

We need to modify it so that it adds the sites BTN to it also. So to do that you would enter in something like this in to the User Name field.

$1?P-Asserted-Identity=%3csip%3a2625555555%401.1.2.1%3e

The green highlight of the line above enables PAI in the SIP header, the blue highlight is the BTN to use and the purple highlight is the IP address of the carrier device. Below is what it looks like when it is in the SIParator.

Now, when Jeremy makes a 800 number call from Site A the carrier accepts the call as he is presenting them with the BTN for authentication that he is allowed to use the circuit, as well as his caller ID even though it does not belong to that circuit.


There are a lot of ways to do this, but this is the way that I have found that works best for most of the deployments I am involved in