IP Access Control Lists
Manage IP-based authentication for your SIP trunks using IP whitelisting.
Introduction
IP Access Control Lists (IP ACLs) provide IP-based authentication for your SIP trunks. By whitelisting specific IPv4 addresses, you can allow calls from trusted sources without requiring username/password authentication. This is ideal for scenarios with static IP addresses such as PBX systems, SIP gateways, or carrier connections.
Multiple IP addresses can be whitelisted for a single trunk, allowing connections from different locations or devices. Each IP ACL entry can be individually enabled or disabled, providing flexible control over which sources can authenticate to your trunk.
IPv4 Only: Currently, IP ACL only supports IPv4 addresses. IPv6 support is not available at this time.
Static IPs Required: IP-based authentication works best with static IP addresses. If your IP address changes frequently, consider using credential-based authentication instead.
Use Cases
Office PBX Systems
Perfect for on-premises PBX systems with static public IP addresses. Simplifies configuration by eliminating the need to manage credentials on the PBX.
SIP Gateway Integration
Ideal for SIP gateways and Session Border Controllers (SBCs) that operate from known, fixed IP addresses. Provides faster authentication without credential exchange.
Carrier Interconnections
Commonly used for trunk connections with telecom carriers who provide calls from specific IP addresses. Standard practice in carrier-to-carrier peering.
Data Center Deployments
Excellent for cloud or data center deployments where your infrastructure has dedicated static IPs. Reduces authentication overhead and improves performance.
IP ACL vs Credentials
| Feature | IP ACL | Credentials |
|---|---|---|
| Best For | Static IP addresses | Dynamic IP addresses |
| Setup Complexity | Simple (no client config) | Moderate (configure username/password) |
| Security Level | Good (IP-based) | Better (cryptographic) |
| Performance | Faster (no auth exchange) | Slightly slower (auth required) |
| NAT Compatibility | Limited (public IP only) | Excellent (works anywhere) |
| Combined Use | Both can be used together for maximum security | |
Maximum Security: For production environments, consider using both IP ACL and credentials together. This requires authentication from both a whitelisted IP address AND valid credentials, providing defense in depth.
Available Operations
Learn about the structure and attributes of IP ACL objects
Whitelist a new IPv4 address for trunk authentication
List all IP ACL entries for a trunk with pagination support
Modify existing IP ACL properties like IP address, status, or description
Permanently remove an IP address from the whitelist
NAT Considerations: If your SIP client is behind NAT, the source IP address will be the public IP of your router/firewall, not the private IP of the device.
You can find your public IP by visiting services like https://api.ipify.org