Media Security - AudioCodes Mediant 2000 User Manual

Table 18-7: Default TCP/UDP Network Port Numbers
Port number Peer port
4001, 4011 and up -
4002, 4012 and up -
32767 -
(random) > 32767 514
(random) > 32767 -
(random) > 32767 -
(random) > 32767 162
(random) > 32767 -
18.6

Media Security

18.6.1 Packet Cable Security
The Mediant 2000 supports media encryption via TGCP (PacketCable extensions to
MGCP protocol) and via the proprietary VoPLib API. With media security, IP voice
traffic for some or all channels is encrypted using predefined session keys. No key
negotiation is performed for media security. Instead, the Mediant 2000 assumes
higher-level protocols handle key management.
Encryption specifications:
AES (Rijndael) cipher algorithm, in CBC mode
Key strength - 128 bit
Encryption key supplied by TGCP or manually via VoPLib API
The VoPLib API may be used over the network (TPNCP protocol). Media security over
TPNCP should be used with caution, since the TPNCP connection itself is not
encrypted, and sniffing techniques may be used to obtain the session key. The same
is applicable for TGCP connections. Physical security is required to make sure the
softswitch connection is protected from unauthorized sniffing.
Note :
For further information regarding the VoPLib API, consult the "VoPLib API Reference
Manual", Document #: LTRT-840xx.
User's Manual
Application
RTCP traffic
T.38 traffic
SCTP
Syslog
Syslog ICMP
ARP listener
SNMP Traps
DNS client
Using media security reduces the channel capacity of the device.
Notes
10. The number of ports used depends
on the channel capacity of the device.
Always adjacent to the RTP port number
Always adjacent to the RTCP port
number
If SCTP/IUA is available on the device
May be disabled (ENABLESYSLOG).
May be disabled (ENABLESYSLOG).
May be disabled (DISABLESNMP)
448
Mediant 2000
Document # LTRT-69805