Security Policy
A Security Policy enables the Oracle® Enterprise Session Border Controller to identify inbound and outbound media streams that are treated as SRTP/SRTCP. The high-priority Security Policy, p1 (shown below), allows signaling traffic from source 172.16.1.3 to destination 172.16.1.10:5060. The lower-priority Security Policy, p2 (also shown below), matches media traffic with the same source and destination, but without any specific ports. Consequently, SIP signaling traffic (from local port 5060) goes through, while the media stream is handled by the appropriate SRTP SA.
security-policy
        name                           p1
        network-interface              private:0
        priority                       0
        local-ip-addr-match            172.16.1.3
        remote-ip-addr-match           172.16.1.10
        local-port-match               5060
        remote-port-match              0
        trans-protocol-match           UDP
        direction                      both
        local-ip-mask                  255.255.255.255
        remote-ip-mask                 255.255.255.255
        action                         allow
        ike-sainfo-name
        outbound-sa-fine-grained-mask
                local-ip-mask                  255.255.255.255
                remote-ip-mask                 255.255.255.255
                local-port-mask                0
                remote-port-mask               0
                trans-protocol-mask            0
                valid                          enabled
                vlan-mask                      0xFFF
        last-modified-by               admin@console
        last-modified-date             2009-11-09 15:01:55

security-policy
        name                           p2
        network-interface              private:0
        priority                       10
        local-ip-addr-match            172.16.1.3
        remote-ip-addr-match           172.16.1.10
        local-port-match               0
        remote-port-match              0
        trans-protocol-match           UDP
        direction                      both
        local-ip-mask                  255.255.255.255
        remote-ip-mask                 255.255.255.255
        action                         srtp
        ike-sainfo-name
        outbound-sa-fine-grained-mask
                local-ip-mask                  0.0.0.0
                remote-ip-mask                 255.255.255.255
                local-port-mask                0
                remote-port-mask               65535
                trans-protocol-mask            255
                valid                          enabled
                vlan-mask                      0xFFF
        last-modified-by               admin@console
        last-modified-date             2009-11-09 15:38:19
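
The following is an added example, not Oracle code: a simplified Python model of how the two policies above split signaling from media, and of what happens if their priorities are reversed. It assumes policies are evaluated in ascending priority value with the first match winning, that a port match of 0 means no specific port, and it follows the listing's fields (local-port-match 5060) while leaving the outbound-sa-fine-grained-mask sub-element out; the class, function names and media port 49152 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int      # lower value is evaluated first (p1 = 0, p2 = 10)
    local_ip: str
    remote_ip: str
    local_port: int    # 0 = no specific port
    remote_port: int
    proto: str
    action: str
    local_mask: str = "255.255.255.255"
    remote_mask: str = "255.255.255.255"

def _ip_ok(addr, match, mask):
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(addr)) & m) == (int(ipaddress.IPv4Address(match)) & m)

def _port_ok(port, match):
    return match == 0 or port == match

def classify(policies, local_ip, local_port, remote_ip, remote_port, proto="UDP"):
    """Return (name, action) of the first policy that matches, or None."""
    for p in sorted(policies, key=lambda p: p.priority):
        if (p.proto == proto
                and _ip_ok(local_ip, p.local_ip, p.local_mask)
                and _ip_ok(remote_ip, p.remote_ip, p.remote_mask)
                and _port_ok(local_port, p.local_port)
                and _port_ok(remote_port, p.remote_port)):
            return p.name, p.action
    return None

# Values taken from the p1 and p2 listings above.
P1 = Policy("p1", 0, "172.16.1.3", "172.16.1.10", 5060, 0, "UDP", "allow")
P2 = Policy("p2", 10, "172.16.1.3", "172.16.1.10", 0, 0, "UDP", "srtp")
POLICIES = [P2, P1]    # list order does not matter; priority decides
# Constructed misconfiguration: priorities reversed, so catch-all p2 wins.
SWAPPED = [replace(P1, priority=10), replace(P2, priority=0)]

if __name__ == "__main__":
    # Port 49152 is a constructed media port, not a value from the page.
    for label, pols in (("as configured", POLICIES), ("priorities swapped", SWAPPED)):
        print(label)
        print("  signaling :5060 ->", classify(pols, "172.16.1.3", 5060, "172.16.1.10", 5060))
        print("  media :49152    ->", classify(pols, "172.16.1.3", 49152, "172.16.1.10", 49152))
```

With the priorities reversed, the port-agnostic p2 matches first and SIP signaling is classified as `srtp` instead of `allow`, which is why the specific policy must carry the higher priority.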