AudioCodes Mediant 800B User Manual page 106
Media gateway & enterprise session border controller (e-sbc)
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
Incoming calls:
1.
Proxy Set: If the incoming call is successfully classified to an IP Group based on
Proxy Set (i.e., IP address of calling party) and the Proxy Set is configured for
TLS ('Transport Type' parameter is set to TLS), the TLS Context assigned to the
Proxy Set is used. For configuring Proxy Sets, see ''Configuring Proxy Sets'' on
page 362.
2.
SIP Interface: If the Proxy Set is either not configured for TLS (i.e., the 'Transport
Type' parameter is set to UDP) or not assigned a TLS Context, and/or
classification to a Proxy Set fails, the device uses the TLS Context assigned to
the SIP Interface used for the call. For configuring SIP Interfaces, see
''Configuring SIP Interfaces'' on page 342.
3.
Default TLS Context (ID 0): If the SIP Interface is not assigned a TLS Context or
no SIP Interface is used for the call, the device uses the default TLS Context.
Outgoing calls:
1.
Proxy Set: If the outgoing call is sent to an IP Group associated with a Proxy Set
that is assigned a TLS Context and the Proxy Set is configured for TLS (i.e.,
'Transport Type' parameter is set to TLS), the TLS Context is used. If the
'Transport Type' parameter is set to UDP, the device uses UDP to communicate
with the proxy and no TLS Context is used.
2.
SIP Interface: If the Proxy Set is not assigned a TLS Context, the device uses the
TLS Context assigned to the SIP Interface used for the call.
3.
Default TLS Context (ID 0): If the SIP Interface is not assigned a TLS Context or
no SIP Interface is used for the call, the device uses the default TLS Context.
Notes:
•
If the TLS Context used for an existing TLS connection is changed during the call
by the user agent, the device ends the connection.
•
The device does not query OCSP for its own certificate.
•
Some PKIs do not support OCSP, but generate Certificate Revocation Lists
(CRLs). For such scenarios, set up an OCSP server such as OCSPD.
TLS Context certification also enables employing different levels of security strength (key
size) per certificate. This feature also enables the display of the list of all trusted certificates
currently installed on the device. For each certificate, detailed information such as issuer
and expiration date is shown. Certificates can be deleted or added from/to the Trusted
Root Certificate Store.
You can also configure TLS certificate expiry check, whereby the device periodically
checks the validation date of the installed TLS server certificates and sends an SNMP trap
event if a certificate is nearing expiry. This feature is configured globally for all TLS
Contexts. For configuring TLS certificate expiry check, see ''Configuring TLS Server
Certificate Expiry Check'' on page 118.
The following procedure describes how to configure a TLS Context through the Web
interface. You can also configure it through ini file (TLSContexts) or CLI (configure system
> tls <ID>).
To configure a TLS Context:
1.
Open the TLS Contexts page (Configuration tab > System menu > TLS Contexts).
User's Manual
Mediant 800B Gateway and E- SBC
106
Document #: LTRT-10296
Advertisement
Table of Contents
