Media Security Policy Configuration
Use the following procedure to create a Media Security Policy that specifies the role of the Oracle® Enterprise Session Border Controller (E-SBC) in the security negotiation. When the E-SBC takes part in the negotiation, the policy specifies a key exchange protocol and SDES profile for both incoming and outgoing calls.
- Access the media-sec-policy configuration element.
  ORACLE# configure terminal
  ORACLE(configure)# security
  ORACLE(security)# media-security
  ORACLE(media-security)# media-sec-policy
  ORACLE(media-sec-policy)#
- Use the required name parameter to provide a unique identifier for this media-sec-policy instance.
  name enables the creation of multiple media-sec-policy instances.
- Use the optional pass-through parameter to enable or disable pass-through mode.
  With pass-through mode disabled (the default state), the E-SBC disallows end-to-end negotiation; instead, the E-SBC initiates and terminates SRTP connections with both endpoints.
  With pass-through mode enabled, the SRTP endpoints negotiate security parameters between each other; consequently, the E-SBC simply relays SRTP traffic between the two endpoints.
- Use the outbound navigation command to move to media-sec-outbound configuration mode. While in this configuration mode, you specify the security parameters applied to the outbound call leg, that is, calls sent by the E-SBC.
- Use the profile parameter to specify the name of the SDES profile applied to calls sent by the E-SBC.
- Use the mode parameter to select the real-time transport protocol.
  Allowable values are rtp (the default), srtp, and any (either rtp or srtp).
  mode identifies the transport protocol (RTP or SRTP) included in an SDP offer when this media-security-policy is in effect.
- Use the protocol parameter to select the key exchange protocol.
  Select sdes for SDES key exchange.
- Use the done and exit parameters to return to media-sec-policy configuration mode.
- Use the inbound navigation command to move to media-sec-inbound configuration mode. While in this configuration mode, you specify the security parameters applied to the inbound call leg, that is, calls received by the E-SBC.
- Use the profile parameter to specify the name of the SDES profile applied to calls received by the E-SBC.
- Use the mode parameter to select the real-time transport protocol.
  Allowable values are rtp (the default), srtp, and any (either rtp or srtp).
  mode identifies the transport protocol (RTP or SRTP) included in an SDP offer when this media-security-policy is in effect.
- Use the protocol parameter to select the key exchange protocol.
  Select sdes for SDES key exchange.
- Use done, exit, and verify-config to complete configuration of this media security policy instance.
- Repeat Steps 1 through 13 to configure additional media-security policies.
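
The mode and protocol parameters above determine what a call leg's SDP offer carries. The following Python script is an added example (not Oracle code and not part of the original procedure) that checks a captured SDP offer against a policy mode. It assumes that mode rtp corresponds to the RTP/AVP transport profiles, that mode srtp corresponds to RTP/SAVP, and that SDES keys appear as a=crypto attributes (RFC 4568); the function names and sample offers are constructed for illustration.

```python
import re

# RFC 4568 SDES attribute: a=crypto:<tag> <crypto-suite> inline:<key||salt>[|...]
CRYPTO_RE = re.compile(r"^a=crypto:\d+ (\S+) inline:\S+")
SECURE = {"RTP/SAVP", "RTP/SAVPF"}   # SRTP profiles
PLAIN = {"RTP/AVP", "RTP/AVPF"}      # unencrypted RTP profiles

def media_sections(sdp):
    """Return one dict per m= line: media type, transport profile, SDES suites."""
    sections = []
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 4:
                raise ValueError(f"malformed m= line: {line!r}")
            sections.append({"media": fields[0], "proto": fields[2], "suites": []})
        elif sections and (m := CRYPTO_RE.match(line)):
            sections[-1]["suites"].append(m.group(1))
    return sections

def check_offer(sdp, mode):
    """Compare an SDP offer with a policy mode (rtp | srtp | any); return findings."""
    if mode not in ("rtp", "srtp", "any"):
        raise ValueError(f"unknown mode: {mode!r}")
    findings = []
    for s in media_sections(sdp):
        media, proto = s["media"], s["proto"]
        if proto in SECURE:
            if mode == "rtp":
                findings.append(f"{media}: {proto} offered, policy mode is rtp")
            if not s["suites"]:
                findings.append(f"{media}: {proto} offered without an a=crypto line")
        elif proto in PLAIN:
            if mode == "srtp":
                findings.append(f"{media}: {proto} offered in the clear, policy mode is srtp")
        else:
            findings.append(f"{media}: unrecognised transport profile {proto}")
    return findings

# Constructed sample offers (addresses, ports and key material are made up).
SRTP_OFFER = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 20000 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIz\r\n"
)
RTP_OFFER = SRTP_OFFER.replace("RTP/SAVP", "RTP/AVP").split("a=crypto")[0]

if __name__ == "__main__":
    for mode in ("rtp", "srtp", "any"):
        print(mode, check_offer(SRTP_OFFER, mode), check_offer(RTP_OFFER, mode))
```

An empty findings list means the offer matches the mode; a plain RTP offer on a leg whose policy mode is srtp is the case to alert on, because media on that leg would be sent unencrypted.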