Media Security Policy Configuration

Use the following procedure to create a Media Security Policy that specifies the role of the Oracle® Enterprise Session Border Controller (E-SBC) in the security negotiation. When the E-SBC takes part in the negotiation, the policy specifies a key exchange protocol and SDES profile for both incoming and outgoing calls.

1. Access the media-sec-policy configuration element.

   ORACLE# configure terminal
   ORACLE(configure)# security
   ORACLE(security)# media-security
   ORACLE(media-security)# media-sec-policy
   ORACLE(media-sec-policy)#

2. Use the required name parameter to provide a unique identifier for this media-sec-policy instance.

   name enables the creation of multiple media-sec-policy instances.

3. Use optional pass-through parameter to enable or disable pass-thru mode.

   With pass-through mode disabled (the default state), the E-SBC disallows end-to-end negotiation — rather the Oracle® Enterprise Session Border Controller initiates and terminates SRTP connections with both endpoints.

   With pass-through mode enabled, the SRTP endpoints negotiate security parameters between each other; consequently, the E-SBC simply relays SRTP traffic between the two endpoints.

4. Use the outbound navigation command to move to media-sec-outbound configuration mode. While in this configuration mode you specify security parameters applied to the outbound call leg, that is calls sent by the E-SBC.
5. Use the profile parameter to specify the name of the SDES profile applied to calls sent by the E-SBC.
6. Use the mode parameter to select the real time transport protocol.

   Allowable values are rtp (the default) | srtp | any (either rtp | srtp)

   mode identifies the transport protocol (RTP or SRTP) included in an SDP offer when this media-security-policy is in effect.

7. Use the protocol parameter to select the key exchange protocol.

   Select sdes for SDES key exchange.

8. Use the done and exit parameters to return to media-sec-policy configuration mode.
9. Use the inbound navigation command to move to media-sec-inbound configuration mode. While in this configuration mode you specify security parameters applied to the inbound call leg, that is calls received by the E-SBC.
10. Use the profile parameter to specify the name of the SDES profile applied to calls received by the E-SBC.
11. Use the mode parameter to select the real time transport protocol.

    Allowable values are rtp (the default) | srtp | any (either rtp | srtp)

    mode identifies the transport protocol (RTP or SRTP) included in an SDP offer when this media-security-policy is in effect.

12. Use the protocol parameter to select the key exchange protocol.

    Select sdes for SDES key exchange.

13. Use done, exit, and verify-config to complete configuration of this media security policy instance.
14. Repeat Steps 1 through 13 to configure additional media-security policies.