AudioCodes Mediant 800 - SRTP Using DTLS Protocol

CHAPTER15 Media
Mediant 800 Gateway & E-SBC | User's Manual
The device also supports symmetric MKI negotiation, whereby it can forward the MKI size received
in the 'a=crypto' line of the SDP offer in its SDP answer. You can enable symmetric MKI globally
(using the EnableSymmetricMKI parameter) or per SIP entity (using the IP Profile parameter
IpProfile_EnableSymmetricMKI and, for SBC calls, IpProfile_SBCEnforceMKISize). For more
information on symmetric MKI, see Configuring IP Profiles.
You can configure the enforcement policy of SRTP, using the EnableMediaSecurity parameter and
IpProfile_SBCMediaSecurityBehaviour parameter for SBC calls. For example, if negotiation of the
cipher suite fails or if incoming calls exclude encryption information, the device can be configured to
reject the calls.
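The sketch below illustrates the two behaviours described above: mirroring the offered MKI size in the answer, and rejecting an offer that carries no usable encryption information. It is an added example, not AudioCodes code or the device's implementation. The function names, the `mandatory` flag and the sample SDP are assumptions, and the keys are constructed test values.

```python
import base64
import re

# RFC 4568 key-params: inline:<base64 key||salt>[|lifetime][|MKI:length]
CRYPTO_RE = re.compile(
    r"^a=crypto:(?P<tag>\d+) (?P<suite>\S+) "
    r"inline:(?P<key>[A-Za-z0-9+/=]+)(?P<rest>(?:\|[^\s|]+)*)")
MKI_RE = re.compile(r"^(\d+):(\d+)$")  # MKI value : MKI length in bytes

def parse_crypto(line):
    """Parse one 'a=crypto' line; return a dict, or None if it is not one."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return None
    mki = None
    for field in filter(None, m.group("rest").split("|")):
        mm = MKI_RE.match(field)
        if mm and 1 <= int(mm.group(2)) <= 128:  # RFC 4568 length range
            mki = (int(mm.group(1)), int(mm.group(2)))
    return {"tag": int(m.group("tag")), "suite": m.group("suite"), "mki": mki}

def build_answer(offer_sdp, local_key, supported, mandatory=True):
    """Return the answer's 'a=crypto' line, None (plain RTP), or raise to reject."""
    offers = [c for c in map(parse_crypto, offer_sdp.splitlines()) if c]
    chosen = next((c for c in offers if c["suite"] in supported), None)
    if chosen is None:
        if mandatory:  # hypothetical flag standing in for the enforcement policy
            raise ValueError("reject call: no acceptable SRTP offer")
        return None
    line = f"a=crypto:{chosen['tag']} {chosen['suite']} inline:{local_key}"
    if chosen["mki"]:
        # Symmetric MKI: answer with the MKI size that was offered.
        line += f"|1:{chosen['mki'][1]}"
    return line

# Constructed sample data (not real keys): 30 bytes = 16-byte key + 14-byte salt.
OFFER_KEY = base64.b64encode(bytes(range(30))).decode()
LOCAL_KEY = base64.b64encode(bytes(range(30, 60))).decode()
SAMPLE_OFFER = "\n".join([
    "v=0",
    "m=audio 6000 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{OFFER_KEY}|2^31|1:4",
])

if __name__ == "__main__":
    print(build_answer(SAMPLE_OFFER, LOCAL_KEY, {"AES_CM_128_HMAC_SHA1_80"}))
```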
You can also enable the device to validate the authentication of packets for SRTP tunneling for
RTP and RTCP. This applies only to SRTP-to-SRTP SBC calls and where the endpoints use the
same key. This is configured using the 'SRTP Tunneling Authentication for RTP' and 'SRTP
Tunneling Authentication for RTCP' parameters.
For a detailed description of the SRTP parameters, see Configuring IP Profiles and
SRTP Parameters.
When SRTP is used, channel capacity may be reduced.
The procedure below describes how to configure SRTP through the Web interface.
To enable and configure SRTP:
1. Open the Media Security page (Setup menu > Signaling & Media tab > Media folder > Media
Security).
2. From the 'Media Security' drop-down list (EnableMediaSecurity), select Enable to enable
SRTP.
3. From the 'Offered SRTP Cipher Suites' drop-down list (SRTPofferedSuites), select the
supported cipher suite.
4. Configure the other SRTP parameters as required.
5. Click Apply.
SRTP using DTLS Protocol
For SBC calls, you can configure the device to use the Datagram Transport Layer Security (DTLS)
protocol to secure UDP-based traffic (according to RFC 4347 and 6347) for specific SIP entities,
using IP Profiles. DTLS allows datagram-based applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The DTLS protocol is based on
the stream-oriented TLS protocol, providing similar security. The device can therefore interwork in
mixed environments where one network may require DTLS and the other may require Session
Description Protocol Security Descriptions (SDES) or even non-secure RTP. The device supports
DTLS negotiation for RTP-to-SRTP and SRTP-to-SRTP calls.