AudioCodes Mediant 800B User Manual page 211
Media gateway & enterprise session border controller (e-sbc)
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
User's Manual
For SDES, the keys are sent in the SDP body ('a=crypto') of the SIP message and are
typically secured using SIP over TLS (SIPS). The encryption of the keys is in plain text in
the SDP. The device supports the following session parameters:
UNENCRYPTED_SRTP
UNENCRYPTED_SRTCP
UNAUTHENTICATED_SRTP
Session parameters should be the same for the local and remote sides. When the device is
the offering side, the session parameters are configured by the following parameter -
'Authentication On Transmitted RTP Packets', 'Encryption On Transmitted RTP Packets,
and 'Encryption On Transmitted RTCP Packets'. When the device is the answering side,
the device adjusts these parameters according to the remote offering. Unsupported
session parameters are ignored, and do not cause a call failure.
Below is an example of crypto attributes usage:
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd
The device also supports symmetric MKI negotiation, whereby it can forward the MKI size
received in the SDP offer 'a=crypto' line in the SDP answer. You can enable symmetric
MKI globally (using the EnableSymmetricMKI parameter) or per SIP entity (using the IP
Profile
IpProfile_SBCEnforceMKISize). For more information on symmetric MKI, see ''Configuring
IP Profiles'' on page 396.
You can configure the enforcement policy of SRTP, using the EnableMediaSecurity
parameter for Gateway calls and IpProfile_SBCMediaSecurityBehaviour parameter for
SBC calls. For example, if negotiation of the cipher suite fails or if incoming calls exclude
encryption information, the device can be configured to reject the calls.
Notes:
•
For a detailed description of the SRTP parameters, see ''Configuring IP Profiles''
on page 396 and ''SRTP Parameters'' on page 946.
•
When SRTP is used, the channel capacity may be reduced.
The procedure below describes how to configure SRTP through the Web interface.
Version 7.0
parameter,
IpProfile_EnableSymmetricMKI
211
Mediant 800B Gateway and E- SBC
14. Media
and
for
SBC
calls,
Advertisement
Table of Contents
