User's Manual 396 Document #: LTRT-27045
Mediant 1000B Gateway & E-SBC
Parameter Description
At least one supported SDP "crypto" attribute and parameters.
EnableMediaSecurity must be set to 1.
If one of the above transcoding prerequisites is not met, then:
any value other than “As is” is discarded.
if the incoming offer is SRTP, force transcoding, coder
transcoding, and DTMF extensions are not applied.
Gateway Media Security
Mode
media-security-behaviour
[IpProfile_MediaSecurityBeha
viour]
Defines the handling of SRTP for the SIP entity associated with the
IP Profile.
[-1] Not Configured = Applies the settings of the corresponding
global parameter, MediaSecurityBehaviour.
[0] Preferable = (Default) The device initiates encrypted calls to
this SIP entity. However, if negotiation of the cipher suite fails, an
unencrypted call is established. The device accepts incoming
calls received from the SIP entity that don't include encryption
information.
[1] Mandatory = The device initiates encrypted calls to this SIP
entity, but if negotiation of the cipher suite fails, the call is
terminated. The device rejects incoming calls received from the
SIP entity that don't include encryption information.
[2] Disable = This SIP entity does not support encrypted calls
(i.e., SRTP).
[3] Preferable - Single Media = The device sends SDP with a
single media ('m=') line only (e.g., m=audio 6000 RTP/AVP 4 0 70
96) with RTP/AVP and crypto keys. The SIP entity can respond
with SRTP or RTP parameters:
If the SIP entity does not support SRTP, it uses RTP and
ignores the crypto lines.
If the device receives an SDP offer with a single media (as
shown above) from the SIP entity, it responds with SRTP
(RTP/SAVP) if the EnableMediaSecurity parameter is set to
1. If SRTP is not supported (i.e., EnableMediaSecurity is set
to 0), it responds with RTP.
If two 'm=' lines are received in the SDP offer, the device
prefers the SAVP (secure audio video profile), regardless of
the order in the SDP.
Note:
The parameter is applicable only when the EnableMediaSecurity
parameter is set to 1.
The corresponding global parameter is MediaSecurityBehaviour.
Symmetric MKI
enable-symmetric-mki
[IpProfile_EnableSymmetricM
KI]
Enables symmetric MKI negotiation.
[0] Disable = (Default) The device includes the MKI in its SIP 200
OK response according to the SRTPTxPacketMKISize parameter
(if set to 0, it is not included; if set to any other value, it is included
with this value).
[1] Enable = The answer crypto line contains (or excludes) an
MKI value according to the selected crypto line in the offer. For
example, assume that the device receives an INVITE containing
the following two crypto lines in SDP:
a=crypto:2 AES_CM_128_HMAC_SHA1_80
inline:TAaxNnQt8/qLQMnDuG4vxYfWl6K7eBK/ufk04pR4|2
To Next Page
Loading...
