User's Manual  442  Document #: LTRT-10532 
 
  Mediant 500L Gateway & E-SBC 
Parameter  Description 
SBC Media Security Method 
sbc-media-security-method 
[IpProfile_SBCMediaSecurityMethod]
Defines the media security protocol for SRTP, for the SIP entity 
associated with the IP Profile. 
  [0] SDES = (Default) The device secures RTP using the Session 
Description Protocol Security Descriptions (SDES) protocol to 
negotiate the cryptographic keys (RFC 4568). The keys are sent in 
the SDP body ('a=crypto') of the SIP message and are typically 
secured using SIP over TLS (SIPS). The keys themselves appear in
plain text in the SDP. SDES implements TLS over TCP.
  [1] DTLS = The device uses Datagram Transport Layer Security 
(DTLS) protocol to secure UDP-based media streams (RFCs 5763 
and 5764). For more information on DTLS, see SRTP using DTLS 
Protocol. 
  [2] Both = SDES and DTLS protocols are supported. 
Note: 
  To support DTLS, you must also configure the following for the SIP 
entity: 
  TLS Context for DTLS (see Configuring TLS Certificate
Contexts on page 113). The server cipher ('Cipher Server')
must be configured to All.
  IpProfile_SBCMediaSecurityBehaviourMedia configured to 
SRTP or Both. 
  IpProfile_SBCRTCPMux configured to Supported. The setting 
is required as the DTLS handshake is done for the port used 
for RTP. Therefore, RTCP and RTP should be multiplexed 
over the same port. 
  The device does not support forwarding of DTLS transparently 
between endpoints (SIP entities). 
Reset SRTP Upon Re-key 
reset-srtp-upon-re-key 
[IpProfile_ResetSRTPStateUponRekey]
Enables synchronization of the SRTP state between the device and a
server when a new SRTP key is generated after a SIP session
expires. This feature ensures that the roll-over counter (ROC), one of
the parameters used in the encryption/decryption of SRTP packets,
is synchronized on both sides for transmitted and received packets.
  [0] Disable = (Default) ROC is not reset on the device side. 
  [1] Enable = If the session expires causing a session refresh 
through a re-INVITE, the device or server generates a new key 
and the device resets the ROC index (and other SRTP fields) as 
done by the server, resulting in a synchronized SRTP. 
Note:  
  If this feature is disabled and the server resets the ROC upon a
re-key generation, one-way voice may occur.
  The corresponding global parameter is 
ResetSRTPStateUponRekey. 
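
Why a stale ROC leads to one-way voice, shown as an added example that is not part of the manual: under RFC 3711 the ROC is part of the input to every packet's authentication tag, so a receiver holding a different ROC than the sender rejects each packet. The SrtpSide class, the fixed keys and the RTP field values are constructed for illustration; payload encryption, session-key derivation and the receiver's ROC estimation are omitted.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit tag, as in the AES_CM_128_HMAC_SHA1_80 suite

def rtp_packet(seq, payload=b"voice"):
    # Minimal 12-byte RTP header: V=2, PT=0, SEQ, timestamp, SSRC (constructed values)
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234ABCD) + payload

def auth_tag(auth_key, packet, roc):
    # RFC 3711 section 4.2: HMAC-SHA1 over (authenticated portion || ROC), truncated
    msg = packet + struct.pack("!I", roc)
    return hmac.new(auth_key, msg, hashlib.sha1).digest()[:TAG_LEN]

class SrtpSide:
    """Hypothetical model of one endpoint's SRTP authentication state."""
    def __init__(self, auth_key, roc=0):
        self.auth_key, self.roc = auth_key, roc

    def rekey(self, new_key, reset_roc):
        self.auth_key = new_key
        if reset_roc:          # models [1] Enable: ROC follows the peer's reset
            self.roc = 0       # [0] Disable keeps the old ROC

    def protect(self, seq):
        pkt = rtp_packet(seq)
        return pkt + auth_tag(self.auth_key, pkt, self.roc)

    def accepts(self, srtp):
        pkt, tag = srtp[:-TAG_LEN], srtp[-TAG_LEN:]
        return hmac.compare_digest(tag, auth_tag(self.auth_key, pkt, self.roc))

def simulate(device_resets_roc):
    """Return (accepted before re-key, accepted after re-key) at the device."""
    k_old, k_new = bytes(range(20)), bytes(range(20, 40))  # constructed keys
    # Long call: the 16-bit SEQ has wrapped twice, so both sides hold ROC = 2
    server, device = SrtpSide(k_old, roc=2), SrtpSide(k_old, roc=2)
    before = device.accepts(server.protect(seq=100))
    server.rekey(k_new, reset_roc=True)                # server resets its ROC
    device.rekey(k_new, reset_roc=device_resets_roc)
    after = device.accepts(server.protect(seq=101))
    return before, after

if __name__ == "__main__":
    print("reset disabled:", simulate(False))
    print("reset enabled: ", simulate(True))
```

With the reset disabled, the device drops the server's media after the re-key even though both sides hold the same new key.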
Generate SRTP Keys Mode 
generate-srtp-keys  
[IpProfile_GenerateSRTPKeys]
Enables the device to generate a new SRTP key upon receipt of a
re-INVITE with the SIP entity associated with the IP Profile.
  [0] Only If Required = (Default) The device generates an SRTP key
only if necessary. 
  [1] Always = The device always generates a new SRTP key. 
SBC Remove Crypto Lifetime in SDP
Defines the handling of the lifetime field in the 'a=crypto' attribute of 
the SDP for the SIP entity associated with the IP Profile. The SDP 
field defines the lifetime of the master key as measured in maximum