Multi-system Selective SRTP Pass-through Configuration

Use the following procedure to enable Multi-system Selective SRTP Pass-through within a specific realm.

  1. Use the following command sequence to move to realm-config Configuration Mode.
    ORACLE# configure terminal 
    ORACLE(configure)# media-manager 
    ORACLE(media-manager)# realm-config 
    ORACLE(realm-config)# 
  2. Use the srtp-msm-passthrough parameter to enable Multi-system Selective SRTP Pass-through within a specific realm.

    By default, pass-through support is disabled.

    ORACLE(realm-config)# srtp-msm-passthrough enabled 
    ORACLE(realm-config)# 
  3. Use done, exit, and verify-config to complete enabling Multi-system Selective SRTP Pass-through within the current realm.

    verify-config checks that the srtp-msm-password parameter has been configured, and outputs an error if it has not. verify-config also checks for other configuration settings that conflict with Multi-system SRTP Pass-through operation. Among these possible misconfigurations are the following.

    rfc2833-mode set to preferred on a SIP interface within a realm that has srtp-msm-passthrough enabled.

    rfc2833-mode set to preferred and app-protocol set to SIP on a session-agent within a realm that has srtp-msm-passthrough enabled.

  4. If required, repeat Steps 1 through 3 to enable Multi-system Selective SRTP Pass-through on additional realms.

Use the following procedure to specify the values needed to support the exchange of SDES keying information.

  5. Use the following command sequence to move to security Configuration Mode.
    ORACLE# configure terminal 
    ORACLE(configure)# security 
    ORACLE(security)# 
  6. Use the srtp-msm-attr-name parameter to specify the name of the media attribute used to convey SDES keying information within an SDP media description.

    A valid attribute name must consist of characters from the US-ASCII subset of ISO-10646/UTF-8 as specified in RFC 2327, SDP: Session Description Protocol. IANA-registered names should not be used. Values should begin with an X- prefix to prevent collision with registered values.

    In the absence of a specified attribute name, the SD provides a default value of X-acme-srtp-msm.

    ORACLE(security)# srtp-msm-attr-name X-key-material 
    ORACLE(security)# 
  7. Use the srtp-msm-password parameter to provide the shared secret used to derive the key for encrypting SDES keying material that is placed in the media attribute of an SDP media description. Ingress keying material is encrypted using this shared secret before being forwarded to the network core. On egress, the encrypted keying material is decrypted with this same key.

    Allowable values are character strings that contain a minimum of 8 and a maximum of 16 characters.

    ORACLE(security)# srtp-msm-password IsHeEleemosynary 
    ORACLE(security)# 
  8. Use done, exit, and verify-config to complete necessary configuration.

    verify-config checks that the srtp-msm-password parameter has been configured, and outputs an error if it has not. verify-config also checks for other configuration settings that conflict with Multi-system SRTP Pass-through operation. Among these possible misconfigurations are the following.

    rfc2833-mode set to preferred on a SIP interface within a realm that has srtp-msm-passthrough enabled.

    rfc2833-mode set to preferred and app-protocol set to SIP on a session-agent within a realm that has srtp-msm-passthrough enabled.
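
The constraints from both procedures can be checked offline before a change is pushed to the SD. The following Python sketch is an added example, not Oracle code and not a substitute for verify-config. The dictionary layout, the lint function, the conservative attribute-name character set, reading the prefix as X- (as in the default X-acme-srtp-msm), and the rule that flags the password printed in step 7 are all assumptions made for illustration.

```python
import re

DOC_EXAMPLE_PASSWORD = "IsHeEleemosynary"   # printed in step 7, so it is public
ATTR_NAME_RE = re.compile(r"[A-Za-z0-9-]+")  # assumption: conservative name charset

def lint(cfg):
    """Return findings for a config dict (hypothetical layout, not an SBC export)."""
    out = []
    realms = {r["identifier"] for r in cfg.get("realms", [])
              if r.get("srtp-msm-passthrough") == "enabled"}
    if not realms:
        return out  # pass-through is disabled by default; nothing to check
    sec = cfg.get("security", {})
    pw = sec.get("srtp-msm-password", "")
    if not pw:
        out.append("srtp-msm-password is not configured")
    elif not 8 <= len(pw) <= 16:
        out.append("srtp-msm-password must be 8 to 16 characters")
    elif pw == DOC_EXAMPLE_PASSWORD:
        out.append("srtp-msm-password is the documentation example value")
    name = sec.get("srtp-msm-attr-name", "X-acme-srtp-msm")  # SD default
    if not ATTR_NAME_RE.fullmatch(name):
        out.append(f"srtp-msm-attr-name {name!r} has characters outside the allowed set")
    elif not name.startswith("X-"):
        out.append(f"srtp-msm-attr-name {name!r} lacks the X- prefix")
    for si in cfg.get("sip-interfaces", []):
        if si.get("realm-id") in realms and si.get("rfc2833-mode") == "preferred":
            out.append(f"sip-interface in realm {si['realm-id']}: rfc2833-mode preferred")
    for sa in cfg.get("session-agents", []):
        if (sa.get("realm-id") in realms and sa.get("app-protocol") == "SIP"
                and sa.get("rfc2833-mode") == "preferred"):
            out.append(f"session-agent {sa.get('hostname')}: rfc2833-mode preferred")
    return out

# Constructed sample input: two realms, only "access" has pass-through enabled.
SAMPLE = {
    "realms": [{"identifier": "access", "srtp-msm-passthrough": "enabled"},
               {"identifier": "core"}],
    "security": {"srtp-msm-attr-name": "key-material",
                 "srtp-msm-password": "IsHeEleemosynary"},
    "sip-interfaces": [{"realm-id": "access", "rfc2833-mode": "preferred"},
                       {"realm-id": "core", "rfc2833-mode": "preferred"}],
    "session-agents": [{"hostname": "sa1", "realm-id": "access",
                        "app-protocol": "SIP", "rfc2833-mode": "transparent"}],
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the constructed sample this reports three findings: the reused documentation password, the attribute name without the X- prefix, and the SIP interface in the access realm with rfc2833-mode set to preferred. The core realm is skipped because pass-through is not enabled there.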