...
An additional advantage of using TLS for remote gateways is that users of the remote system can be mapped to a sipXecs user, and may then use resources which require permissions (e.g. ITSP gateways, etc). To enable this mapping, add a TLS Peer under the Users menu, using as the TLS Peer Name the identity which the remote system presents in the SubjAltName field of its certificate (usually the SIP Domain or FQDN of the remote system). You can then specify permissions to be applied when any users from that system dial. 
Note that for this to work, the certificate sent by the remote system must implement draft-ietf-sip-domain-certs-04.txt , which recommends that the SIP domain identity be conveyed as a SubjAltName extension of type uniformResourceIdentitier .