Software version 10.5.3 adds to the IMG the ability to configure SRTP/SRTCP over SIP. Follow the procedure below to configure SRTP.
Note: To be able to configure SRTP/SRTCP on the IMG, the cryptographic protocol TLS must first be configured. Before proceeding with configuration, verify that TLS has already been configured. See links below to first configure TLS if needed.
When initially configuring TLS, a SIP SGP pane was created for
use with TLS. Since TLS is already configured on this profile, SRTP
can be added to this SIP SGP pane. Within the SIP SGP Pane is
the field SRTP Mode. Select from drop down menu whether SRTP encryption
is disabled, Mandatory, or RTP fallback as displayed below.
Disable: The crypto
information within the RTP packets will be analyzed. Any crypto information
within an SRTP packet will be rejected with 488 Unacceptable Media.
Mandatory: The
crypto information within the RTP packet will be rejected. Only crypto
information within an SRTP packet will be analyzed.
RTP fallback: The
crypto information within the SRTP packet will be analyzed. If crypto
information within the SRTP packet is not acceptable (No SRTP encryption),
fall back to SDP information within the RTP packet.
See SIP Profile - 10.5.3 topic for more information
on this pane
Right Click on the SIP SGP Pane from above and select
New SIP SRTP Cryptosuite.
A SIP SRTP Cryptosuite Pane will get created. See below.
Configure the Crypto-suite, Window Size Hint, and SRTCP Encryption Fields. See SIP SRTP Cryptosuite topic for more information on configuring this pane.
In the TLS configuration procedure a SIP signaling object was
created for use with TLS. Open this SIP signaling object and in the
Remote IMG's SIP Profile, select the SIP SGP Pane which was created
for SIP TLS. See screen capture below.
Ensure the SIP SRTP encryption is going to a specific gateway. This gateway must have TLS Profile.
An External Gateway with TLS configured was created in the TLS
configuration procedure accomplished earlier. Select this gateway.
In the SIP Profile field select the SIP SGP Pane created earlier from
drop down menu as displayed below. The SIP SGP profile with TLS/SRTP
should be configured to all External Gateways that IMG will communicate
with that needs the TLS/SRTP configured. See External Gateway for
more information
The Incoming and Outgoing Channel Groups that communicate to the external gateways using TLS/SRTP need to have the IP bearer profile that has the SRTP configured on it selected. Follow procedure below to accomplish this.