SRTP Parameters
The Secure Real-Time Transport Protocol (SRTP) parameters are described in the table below.
SRTP Parameters
Parameter |
Description |
||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
'Media Security' configure voip > media security > media-security-enable [EnableMediaSecurity] |
Enables Secure Real-Time Transport Protocol (SRTP).
Note: |
||||||||||||||||||||||||||||||
'Media Security Behavior' configure voip > media security > media-sec-bhvior [MediaSecurityBehaviour] |
Global parameter that defines the handling of SRTP, when the [EnableMediaSecurity] parameter is configured to 1. You can also configure this feature per specific calls, using IP Profiles ('Gateway Media Security Mode' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note:
|
||||||||||||||||||||||||||||||
'Master Key Identifier (MKI) Size' configure voip > media security > srtp-tx-packet-mki-size [SRTPTxPacketMKISize] |
Global parameter that defines the size (in bytes) of the Master Key Identifier (MKI) in SRTP Tx packets. You can also configure this feature per specific calls, using IP Profiles ('MKI Size' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note: If you configure this feature for a specific IP Profile, the device ignores this global parameter for calls associated with the IP Profile. |
||||||||||||||||||||||||||||||
'Symmetric MKI Negotiation' configure voip > media security > symmetric-mki [EnableSymmetricMKI] |
Global parameter that enables symmetric MKI negotiation. You can also configure this feature per specific calls, using IP Profiles ('Symmetric MKI' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note: If you configure this feature for a specific IP Profile, the device ignores this global parameter for calls associated with the IP Profile. |
||||||||||||||||||||||||||||||
'Offered SRTP Cipher Suites' configure voip > media security > offer-srtp-cipher [SRTPofferedSuites] |
Defines the offered crypto suites (cipher encryption algorithms) for SRTP.
Note:
|
||||||||||||||||||||||||||||||
'ARIA Protocol Support' configure voip > media security > ARIA-protocol-support [AriaProtocolSupport] |
Enables ARIA algorithm cipher encryption for SRTP. This is an alternative option to the existing support for the AES algorithm. ARIA is a symmetric key block cipher algorithm standard developed by the Korean National Security Research Institute.
Note:
|
||||||||||||||||||||||||||||||
'Authentication on Transmitted RTP Packets' configure voip > media security > RTP-authentication-disable-tx [RTPAuthenticationDisableTx] |
Enables authentication on transmitted RTP packets in a secured RTP session.
|
||||||||||||||||||||||||||||||
'Encryption on Transmitted RTP Packets' configure voip > media security > RTP-encryption-disable-tx [RTPEncryptionDisableTx] |
Enables encryption on transmitted RTP packets in a secured RTP session.
|
||||||||||||||||||||||||||||||
'Encryption on Transmitted RTCP Packets' configure voip > media security > RTCP-encryption-disable-tx [RTCPEncryptionDisableTx] |
Enables encryption on transmitted RTCP packets (outgoing leg) in a secured RTP session (i.e., SRTCP). The device generates the cryptos.
Note: The parameter is applicable only if the IP Profile parameter 'Encryption on RTCP Packets' is configured to As Is for the outgoing leg. |
||||||||||||||||||||||||||||||
'SRTP Tunneling Authentication for RTP' configure voip > media security > srtp-tnl-vld-rtp-auth [SRTPTunnelingValidateRTPRxAuthentication] |
Enables validation of SRTP tunneling authentication for RTP.
Note:
|
||||||||||||||||||||||||||||||
'SRTP Tunneling Authentication for RTCP' configure voip > media security > srtp-tnl-vld-rtcp-auth [SRTPTunnelingValidateRTCPRxAuthentication] |
Enables validation of RTP tunneling authentication for RTCP.
Note:
|
||||||||||||||||||||||||||||||
configure voip > sip-definition settings > srtp-state-behavior-mode [ResetSRTPStateUponRekey] |
Global parameter that enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon a SIP session expire. You can also configure this feature per specific calls, using IP Profiles ('Reset SRTP Upon Re-key' parameter). For a detailed description of the parameter and for configuring this feature in the IP Profiles table, see Configuring IP Profiles. Note:
|
||||||||||||||||||||||||||||||
configure voip > media security > srtp-reset-tx-rx-separately [SrtpResetTxRxSeparately] |
Enables the device to reset only the SRTP stream (roll-over counter / ROC index and other SRTP fields) with the call party that changed the SRTP key (‘a=crypto’ line in SDP body) during a call. It doesn't reset the SRTP stream with the other call party. The SRTP key is sometimes updated by the call party, using a SIP re-INVITE message (for example, due to a session refresh).
Note:
|