SRTP Parameters
The Secure Real-Time Transport Protocol (SRTP) parameters are described in the table below.
SRTP Parameters
Parameter |
Description |
||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
'Media Security' configure voip > media security > media-security-enable [EnableMediaSecurity] |
Enables Secure Real-Time Transport Protocol (SRTP).
Note:
|
||||||||||||||||||||||||||||||
'Media Security Behavior' configure voip > media security > media-sec-bhvior [MediaSecurityBehaviour] |
Global parameter that defines the handling of SRTP, when the [EnableMediaSecurity] parameter is configured to 1. You can also configure this feature per specific calls, using IP Profiles ('Gateway Media Security Mode' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note:
|
||||||||||||||||||||||||||||||
'Master Key Identifier (MKI) Size' configure voip > media security > srtp-tx-packet-mki-size [SRTPTxPacketMKISize] |
Global parameter that defines the size (in bytes) of the Master Key Identifier (MKI) in SRTP Tx packets. You can also configure this feature per specific calls, using IP Profiles ('MKI Size' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note: If you configure this feature for a specific IP Profile, the device ignores this global parameter for calls associated with the IP Profile. |
||||||||||||||||||||||||||||||
'Symmetric MKI Negotiation' configure voip > media security > symmetric-mki [EnableSymmetricMKI] |
Global parameter that enables symmetric MKI negotiation. You can also configure this feature per specific calls, using IP Profiles ('Symmetric MKI' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note: If you configure this feature for a specific IP Profile, the device ignores this global parameter for calls associated with the IP Profile. |
||||||||||||||||||||||||||||||
'Offered SRTP Cipher Suites' configure voip > media security > offer-srtp-cipher [SRTPofferedSuites] |
Defines the offered crypto suites (cipher encryption algorithms) for SRTP.
Note:
|
||||||||||||||||||||||||||||||
configure voip > sbc settings > sbc-dtls-mtu [SbcDtlsMtu] |
Defines the maximum transmission unit (MTU) size for the DTLS handshake. The device doesn't attempt to send handshake packets that are larger than the configured value. Adjusting the MTU is useful when there are network constraints on the size of packets that can be sent. The valid value range is 228 to 1500. The default is 1400. Note: The parameter is applicable only to the SBC application. |
||||||||||||||||||||||||||||||
configure voip > sbc settings > dtls-time-between-transmissions [DTLSTimeBetweenTransmissions] |
Defines the minimum interval (in msec) that the device waits between transmission of DTLS packets in the same DTLS handshake. The configured value is applied in a "best-effort" manner (i.e., time between transmitted DTLS packets in the same handshake may differ due to constraints on the network layer and load on the device). The valid value is 0 (no forced delay between DTLS packet transmissions) to 100. The default is 5. |
||||||||||||||||||||||||||||||
'ARIA Protocol Support' configure voip > media security > ARIA-protocol-support [AriaProtocolSupport] |
Enables ARIA algorithm cipher encryption for SRTP. This is an alternative option to the existing support for the AES algorithm. ARIA is a symmetric key block cipher algorithm standard developed by the Korean National Security Research Institute.
Note:
|
||||||||||||||||||||||||||||||
'Authentication on Transmitted RTP Packets' configure voip > media security > RTP-authentication-disable-tx [RTPAuthenticationDisableTx] |
Enables authentication on transmitted RTP packets in a secured RTP session.
|
||||||||||||||||||||||||||||||
'Encryption on Transmitted RTP Packets' configure voip > media security > RTP-encryption-disable-tx [RTPEncryptionDisableTx] |
Enables encryption on transmitted RTP packets in a secured RTP session.
|
||||||||||||||||||||||||||||||
'Encryption on Transmitted RTCP Packets' configure voip > media security > RTCP-encryption-disable-tx [RTCPEncryptionDisableTx] |
Enables encryption on transmitted RTCP packets (outgoing leg) in a secured RTP session (i.e., SRTCP). The device generates the cryptos.
Note: The parameter is applicable only if the IP Profile parameter 'Encryption on RTCP Packets' is configured to As Is for the outgoing leg. |
||||||||||||||||||||||||||||||
'SRTP Tunneling Authentication for RTP' configure voip > media security > srtp-tnl-vld-rtp-auth [SRTPTunnelingValidateRTPRxAuthentication] |
Enables validation of SRTP tunneling authentication for RTP.
Note:
|
||||||||||||||||||||||||||||||
'SRTP Tunneling Authentication for RTCP' configure voip > media security > srtp-tnl-vld-rtcp-auth [SRTPTunnelingValidateRTCPRxAuthentication] |
Enables validation of RTP tunneling authentication for RTCP.
Note:
|
||||||||||||||||||||||||||||||
configure voip > sip-definition settings > srtp-state-behavior-mode [ResetSRTPStateUponRekey] |
Global parameter that enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon a SIP session expire. You can also configure this feature per specific calls, using IP Profiles ('Reset SRTP Upon Re-key' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note: If you configure this feature for a specific IP Profile, the device ignores this global parameter for calls associated with the IP Profile. |