CHAPTER 15 Media
Mediant 1000 Gateway & E-SBC | User's Manual
■ UNENCRYPTED_SRTCP
■ UNAUTHENTICATED_SRTP
Session parameters should be the same for the local and remote sides. When the device is the
offering side, the session parameters are configured by the following parameters: 'Authentication
on Transmitted RTP Packets', 'Encryption on Transmitted RTP Packets', and 'Encryption on
Transmitted RTCP Packets'. When the device is the answering side, the device adjusts these
parameters according to the remote offering. Unsupported session parameters are ignored and do
not cause a call failure.
Below is an example of crypto attributes usage:
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd
The device also supports symmetric MKI negotiation, whereby it can forward the MKI size received
in the SDP offer 'a=crypto' line in the SDP answer. You can enable symmetric MKI globally (using
the EnableSymmetricMKI parameter) or per SIP entity (using the IP Profile parameter
IpProfile_EnableSymmetricMKI and, for SBC calls, IpProfile_SBCEnforceMKISize). For more
information on symmetric MKI, see Configuring IP Profiles.
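The following is an added example, not taken from the manual or the device software: a Python check that parses 'a=crypto' lines in the RFC 4568 form shown above and reports where an SDP answer departs from the offer in cipher suite, session parameters or MKI size. The function names and the sample SDP are constructed for illustration, and one inline key per line is assumed.

```python
import base64
import re

# RFC 4568 session parameters that switch off part of SRTP's protection.
WEAKENING = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:(\S+)(?:\s+(.*))?$")

def parse_crypto(line):
    """Parse one 'a=crypto' line; return None for other or malformed lines."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return None
    tag, suite, key_params, session = m.groups()
    mki_len = None
    # Assumption: one inline key per line, as key|lifetime|MKI:length (bytes).
    for field in key_params.split("|")[1:]:
        if re.fullmatch(r"\d+:\d+", field):
            mki_len = int(field.split(":")[1])
    return {"tag": int(tag), "suite": suite, "mki_len": mki_len,
            "session": set((session or "").split())}

def crypto_lines(sdp):
    """All well-formed crypto attributes in an SDP body, keyed by tag."""
    parsed = (parse_crypto(line) for line in sdp.splitlines())
    return {c["tag"]: c for c in parsed if c}

def audit(offer_sdp, answer_sdp):
    """Compare the answer's crypto attribute(s) with the offer; list findings."""
    offer, findings = crypto_lines(offer_sdp), []
    for tag, ans in crypto_lines(answer_sdp).items():
        off = offer.get(tag)
        if off is None:
            findings.append(f"tag {tag}: not present in offer")
            continue
        if ans["suite"] != off["suite"]:
            findings.append(f"tag {tag}: suite changed to {ans['suite']}")
        if ans["session"] != off["session"]:
            findings.append(f"tag {tag}: session parameters differ")
        if ans["mki_len"] != off["mki_len"]:
            findings.append(f"tag {tag}: MKI size {off['mki_len']} -> {ans['mki_len']}")
        findings += [f"tag {tag}: {p} negotiated" for p in sorted(ans["session"] & WEAKENING)]
    return findings

# Constructed sample SDP fragments; the keys are dummy 30-byte values.
KEY = base64.b64encode(b"A" * 30).decode()
OFFER = ("m=audio 6000 RTP/SAVP 0\n"
         f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}|2^31|1:4\n"
         f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{KEY}|2^31|1:4\n")
ANSWER = f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY} UNENCRYPTED_SRTCP\n"
```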
You can configure the enforcement policy of SRTP, using the EnableMediaSecurity parameter and
IpProfile_SBCMediaSecurityBehaviour parameter for SBC calls. For example, if negotiation of the
cipher suite fails or if incoming calls exclude encryption information, the device can be configured to
reject the calls.
You can also enable the device to validate the authentication of packets for SRTP tunneling for
RTP and RTCP. This applies only to SRTP-to-SRTP SBC calls and where the endpoints use the
same key. This is configured using the 'SRTP Tunneling Authentication for RTP' and 'SRTP
Tunneling Authentication for RTCP' parameters.
● For a detailed description of the SRTP parameters, see Configuring IP Profiles and
SRTP Parameters.
● When SRTP is used, channel capacity may be reduced.
The procedure below describes how to configure SRTP through the Web interface.
➢ To enable and configure SRTP:
1. Open the Media Security page (Setup menu > Signaling & Media tab > Media folder > Media
Security).
2. From the 'Media Security' drop-down list (EnableMediaSecurity), select Enable to enable
SRTP.
3. From the 'Offered SRTP Cipher Suites' drop-down list (SRTPofferedSuites), select the
supported cipher suite.