Multi-system Selective SRTP Pass-through Configuration
Use the following procedure to enable Multi-system Selective SRTP Pass-through within a specific realm.
-
Use the following command sequence to move to
realm-config Configuration Mode.
ORACLE# configure terminal ORACLE(configure)# media-manager ORACLE(media-manager)# realm-config ORACLE(realm-config)#
-
Use the
srtp-msm-passthrough parameter to enable Multi-system Selective SRTP Pass-through within a specific realm.
By default, pass-through support is disabled.
ORACLE(realm-config)# srtp-msm-passthrough enabled ORACLE(realm-config)#
-
Use
done,
exit, and
verify-config to complete enabling Multi-system Selective SRTP Pass-through within the current realm.
verify-config checks that the srtp-msm-password parameter has been configured, and outputs an error if it has not been configured. verify-config also checks other configuration settings that conflict with Multi-system SRTP Pass-through operation. Among these possible mis-configurations are the following.
rfc2833-mode set to preferred on a SIP interface within a realm that has srtp-msm-passthrough enabled
rfc2833-mode set to preferred and app-protocol set to SIP on a session-agent within a realm that has srtp-msm-passthrough enabled.
-
If required, repeat Steps 1 through 3 to enable Multi-system Selective SRTP Pass-through on additional realms.
Use the following procedure to specify values needed to support the exchange of SDES keying information.
-
Use the following command sequence to move to
security Configuration Mode.
ORACLE# configure terminal ORACLE(configure)# security ORACLE(security)#
-
Use the
srtp-msm-attr-name parameter to specify the name of the media attribute used to convey SDES keying information within a SDP media description.
A valid attribute name must consist of characters from the US-ASCII subset of ISO-10646/UTF-8 as specified in RFC 2327, SDP: Session Description Protocol. IANA-registered names should not be used. Values should begin with an X-1 prefix to prevent collision with registered values.
In the absence of a specified attribute name, the SD provides a default value of X-acme-srtp-msm.
ORACLE(security)# srtp-msm-attr-name X-key-material ORACLE(security)#
-
Use the
srtp-msm-password parameter to provide the shared secret used to derive the key for encrypting SDES keying material that is placed in the media attribute of an SDP media description. Ingress keying material is encrypted using this shared secret before being forwarded to the network core. On egress, the encrypted keying material is decrypted with this same key.
Allowable values are characters strings that contain a minimum of 8 and a maximum of 16 characters.
ORACLE(security)# srtp-msm-password IsHeEleemosynary ORACLE(security)#
-
Use
done,
exit, and
verify-config to complete necessary configuration.
verify-config checks that the srtp-msm-password parameter has been configured, and outputs an error if it has not been configured. verify-config also checks other configuration settings that conflict with Multi-system SRTP Pass-through operation. Among these possible mis-configurations are the following.
rfc2833-mode set to preferred on a SIP interface within a realm that has srtp-msm-passthrough enabled
rfc2833-mode set to preferred and app-protocol set to SIP on a session-agent within a realm that has srtp-msm-passthrough enabled.