MITEL 6900, 6970, 6800, AND 6700 SIP TERMINALS FOR MIVOICE MX-ONE
69 26/1531-ANF 901 14 Uen S 2019-10-18
19 SECURITY
This section describes the encrypted configuration files, SIP signaling with TLS and
media with SRTP.
19.1 ENCRYPTED CONFIGURATION FILES
The aastra.cfg/startup.cfg, <model>.cfg and <MAC>.cfg files can be encrypted and
downloaded to the phone from the software server over HTTP or HTTPS. Mitel
provides a tool for Windows and Linux to encrypt the configuration files. This tool is
called anacrypt. Use the following procedure:
1. Create the file security.tuz with the encrypted site key:
       anacrypt -i -p <shared_password>
2. Encrypt the aastra.cfg/startup.cfg file:
       anacrypt aastra.cfg/startup.cfg -p <shared_password>
3. Encrypt the <model>.cfg file:
       anacrypt <model>.cfg -p <shared_password>
4. If MAC configuration files are used, encrypt the <MAC>.cfg file:
       anacrypt <mac>.cfg -m -p <shared_password>
   To encrypt all MAC configuration files in a directory:
       anacrypt <mac>.cfg -d <dir> -m -p <shared_password>
5. Store security.tuz, aastra.tuz/startup.tuz and <mac>.tuz on the software
   server. Reboot the telephones.
The shared password can be 4-32 alphanumeric characters.
The anacrypt tool can be downloaded from www.mitel.com.
19.2 TLS
The IP phones support Transport Layer Security (TLS) as a transport protocol. TLS
ensures communication privacy between the SIP phones and the Internet, so that no
third party may eavesdrop on or tamper with any message.
Persistent TLS is the only mode supported by MX-ONE. Persistent TLS means that the
phone sets up a TLS session and keeps it for as long as it is registered (logged on).
Both the server and the phone use that session to set up calls. Persistent
mutual TLS refers to the additional mutuality in the TLS handshake, where the
server requests the client's signed certificate. Otherwise, only the client requests the
server's certificate.
19.3 SRTP
The IP phones support the Secure Real-time Transport Protocol (SRTP), using
Session Description Protocol Security Descriptions (SDES) key negotiation, for
encryption and authentication of the RTP/RTCP messages sent and received by the
Mitel IP phones on your network.
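
The following check is an added example, not part of the Mitel documentation or tooling. With SDES, the SRTP master key travels in the SDP a=crypto attribute (RFC 4568), so the key is only protected when the SIP signaling described in 19.2 runs over TLS; the check audits an SDP body for that and for malformed key material. The function name audit_sdp, the sample offer and its key are constructed for illustration.

```python
import base64
import re

# Master key + master salt length (bytes) for the RFC 4568 SRTP crypto suites.
SUITE_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30,
             "F8_128_HMAC_SHA1_80": 30}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

# Constructed sample offer: documentation address, key is bytes 0..29 (not a real key).
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=- 0 0 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}|2^20|1:32",
])


def _decoded_len(b64):
    """Length of the decoded key||salt, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:
        return -1


def audit_sdp(sdp, signaling_transport):
    """Return findings per media section; key material is never echoed."""
    findings, media, has_crypto = [], None, False

    def close_section():
        if media and not has_crypto:
            findings.append(f"{media[0]}: {media[1]} without a=crypto, SRTP not negotiated")

    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            close_section()
            parts = line[2:].split()
            media, has_crypto = (parts[0], parts[2]), False
            continue
        m = CRYPTO_RE.match(line)
        if m is None or media is None:
            continue
        has_crypto = True
        tag, suite, b64 = m.groups()
        want = SUITE_LEN.get(suite)
        if want is None:
            findings.append(f"{media[0]} tag {tag}: unrecognised suite {suite}")
        elif _decoded_len(b64) != want:
            findings.append(f"{media[0]} tag {tag}: key||salt is not {want} bytes")
        if signaling_transport.upper() != "TLS":
            findings.append(f"{media[0]} tag {tag}: inline key readable on {signaling_transport} signaling")
    close_section()
    return findings
```

An empty list from audit_sdp(SAMPLE_SDP, "TLS") means every media section negotiated SRTP with well-formed key material over protected signaling.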