Srtp - 3Com VCX v7111 User Manual

To install a client certificate:

1. Before continuing, set HTTPSOnly = 0 to ensure you have a method of accessing the device in case the client certificate does not work. Restore the previous setting after testing the configuration.
2. Open the Certificates screen (Advanced Configuration menu > Security Settings submenu > Certificates option); the Certificates screen is displayed (Figure 128).
3. To load the Trusted Root Certificate file, locate the trusted root certificate loading section.
4. Click Browse and navigate to the file, and then click Send File.
5. When the operation is completed, set the ini file parameter HTTPSRequireClientCertificates = 1.
6. Save the configuration (see 'Saving Configuration') and restart the V7111 gateway.

When a user connects to the secure Web server:

- If the user has a client certificate from a CA listed in the Trusted Root Certificate file, the connection is accepted and the user is prompted for the system password.
- If both the CA certificate and the client certificate appear in the Trusted Root Certificate file, the user is not prompted for a password (thus providing a single-sign-on experience - the authentication is performed using the X.509 digital signature).
- If the user does not have a client certificate from a listed CA, or does not have a client certificate at all, the connection is rejected.

The process of installing a client certificate on your PC is beyond the scope of this document. For more information, see your Web browser or operating system documentation, and/or consult your security administrator.

The root certificate can also be loaded via the ini file, using the parameter HTTPSRootFileName.

SRTP

The gateway supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to encrypt RTP and RTCP transport since it is best-suited for protecting VoIP traffic.

SRTP requires a Key Exchange mechanism that is performed according to <draft-ietf-mmusic-sdescriptions-12>. The Key Exchange is executed by adding a Crypto attribute to the SDP. This attribute is used (by both sides) to declare the various supported cipher suites and to attach the encryption key to use. If negotiation of the encryption data is successful, the call is established.

Use the parameter MediaSecurityBehaviour (described in Table 64) to select the gateway's mode of operation: Must or Prefer. These modes determine the behavior of the gateway if negotiation of the cipher suite fails.

- Mandatory = the call is terminated. Incoming calls that do not include encryption information are rejected.

3Com® VCX V7111 VoIP Gateway User Guide
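The Crypto-attribute negotiation described in the SRTP section, as an added example (not code from the 3Com manual or the gateway firmware): it parses the a=crypto lines of an SDP offer, checks the key length for each suite, and applies a mandatory-or-prefer policy. The function names, policy strings and sample SDP are constructed for illustration, and the fallback to plain RTP in prefer mode is an assumption, since this page does not show that mode's description.

```python
import base64
import re

# Master key + master salt length (bytes) per crypto-suite, as defined in the
# SDP security descriptions draft the page cites (later published as RFC 4568).
KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}

# a=crypto:<tag> <crypto-suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(\|\S*)?")


def parse_crypto(sdp):
    """Return (tag, suite, key_salt) for each well-formed a=crypto line."""
    offers = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite = int(m.group(1)), m.group(2)
        try:
            key_salt = base64.b64decode(m.group(3), validate=True)
        except ValueError:  # bad alphabet or padding
            continue
        # Drop unknown suites and keys of the wrong length for the suite.
        if KEY_SALT_LEN.get(suite) == len(key_salt):
            offers.append((tag, suite, key_salt))
    return offers


def decide(sdp, local_suites, behaviour):
    """behaviour is 'mandatory' or 'prefer' (hypothetical policy strings)."""
    for tag, suite, _ in parse_crypto(sdp):
        if suite in local_suites:
            return ("srtp", tag, suite)
    if behaviour == "mandatory":
        return ("reject", None, None)   # as the page states for Mandatory
    return ("rtp", None, None)          # assumption: prefer falls back to RTP


# Constructed sample data: a dummy 30-byte key||salt and two SDP offers.
KEY = base64.b64encode(bytes(range(30))).decode()
OFFER_SRTP = "\r\n".join([
    "v=0", "m=audio 6000 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{KEY}",
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:{KEY}|2^31",
])
OFFER_PLAIN = "\r\n".join(["v=0", "m=audio 6000 RTP/AVP 0"])

if __name__ == "__main__":
    for offer in (OFFER_SRTP, OFFER_PLAIN):
        for mode in ("mandatory", "prefer"):
            print(mode, decide(offer, {"AES_CM_128_HMAC_SHA1_80"}, mode))
```

Because the inline key travels in the SDP body, it is only as confidential as the signalling channel that carries it.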
