Secure Media (RTP) Traffic using SRTP

It's recommended to use Secured RTP (SRTP) for encrypting the media (RTP and RTCP) path and thereby, protecting the VoIP traffic. The device supports SRTP according to RFC 3711. SRTP performs a Key Exchange mechanism (according to RFC 4568). This is done by adding a 'crypto' attribute to the SDP. This attribute is used (by both sides) to declare the supported cipher suites and to attach the encryption key. If negotiation of the encryption data is successful, the call is established.  The device's SRTP feature supports various suites such as AES_CM_128_HMAC_SHA1_32.

➢

To secure RTP traffic:

■

Globally (all calls): Media Security page (Setup menu > Signaling & Media tab > Media folder > Media Security) - from the 'Media Security' drop-down list, select Enable:

Enabling SRTP Globally

■

Per specific calls using IP Profile: SRTP is enforced on the SBC legs of an IP Profile (Setup menu > Signaling & Media tab > Coders & Profiles folder > IP Profiles). For each IP Profile associated with a leg, configure the 'SBC Media Security Mode' parameter to SRTP. This enforces the SBC legs to negotiate only SRTP media lines; RTP media lines are removed from the incoming SDP offer \ answer.

Enabling SRTP per Specific Calls