Srtp; Figure 13: Srtp Settings - Grandstream Networks GAC2500 Security Manual

Only Accept SIP Requests from Known Servers:
-
When set to "Yes", the GAC2500 will answer the SIP request from saved servers and only the SIP
requests from saved servers will be accepted. The SIP requests from the unregistered server will be
rejected. The default setting is "No".
Check SIP User ID for Incoming INVITE:
-
This configures the GAC2500 to check the SIP User ID in the Request URI of the SIP INVITE message
from the remote party. If it doesn't match the phone's SIP User ID, the call will be rejected. The default
setting is "No".
Authenticate Incoming INVITE:
-
This configures the GAC2500 to authenticate the SIP INVITE message from the remote party. If set to
"Yes", the phone will challenge the incoming INVITE for authentication with SIP 401 Unauthorized
response. The default setting is "No".
Validate incoming SIP messages:
-
Specifies if the phone system will check the incoming SIP messages caller ID and CSeq headers. If the
message does not include the headers, it will be rejected.

SRTP

To protect voice communication from eavesdropping, the GAC2500 phones support SRTP for media traffic
using AES 128&256. It is recommended to use SRTP if server supports it. SRTP can be configured in web
UI → Account → Codec Settings.
When SRTP Key Life Time parameter is enabled, during the SRTP call, the SRTP key will be valid within
231 SIP packets, and phone will renew the SRTP key after this limitation.
Figure 12: SRTP Settings
GAC2500 Security Guide
P a g e | 12