MSRP Configuration

MSRP configuration consists of the following steps.

Configure the msrp-config configuration object that governs MSRP global behavior.
Configure one or more tcp-media-profile configuration objects that define MSRP operations within a realm.
Assign a tcp-media-profile to a target realm.
If MSRP sessions are secured with TLS, create and assign tls-profile configuration objects to the tcp-media-profile of the target realm.
Create and assign steering-pools configuration objects to target realms.

msrp-config Configuration

Use the following procedure to perform MSRP global configuration.

From superuser mode, use the following command sequence to access  msrp-config configuration mode. While in msrp-config mode, you configure global MSRP behavior.

ORACLE# configure terminal
ORACLE(configure)# media-manager
ORACLE(media-manager)# msrp-config
ORACLE(msrp-config)# ?
state                     state
uri-translation           perform translation of MSRP URI
session-inactivity-timer  timer value (seconds) for session inactivity                           monitoring period
select                    select msrp config to edit
no                        delete msrp config
show                      show msrp config
done                      write msrp config information
exit                      return to previous menu
ORACLE(msrp-config)#

Use the state parameter to enable MSRP operations.
Retain the default value, enabled, to enable MSRP operations.

If necessary, you can use disabled to temporarily suspend all MSRP operations.
```
ORACLE(msrp-config)# state enabled
ORACLE(msrp-config)#
```
Use the uri-translation parameter to enable or disable NAT of URIs found in the From-Path and To-Path headers of MSRP requests and responses, and in a=path attributes found in SDP offers.
NAT is enabled by default.

Retain the default value (enabled) to enable NAT; use disabled to disable NAT.
```
ORACLE(msrp-config)# uri-translation enabled
ORACLE(msrp-config)#
```
Use the session-inactivity-timer parameter in connection with the  msrp-delayed-bye-timer parameter to implement the delayed transmission of SIP BYE requests, thus establishing a configurable transition interval allowing for the completion of active MSRP sessions.
The session-inactivity-timer parameter specifies the maximum inactivity interval (defined as the absence of transmitted data) tolerated before the MSRP connection is terminated.

Retain the default value (5), or specify another inactivity interval within the range 5 to 10 seconds.
```
ORACLE(msrp-config)# session-inactivity-timer 7
ORACLE(msrp-config)#
```
Use done, exit, and verify-config to complete MSRP global configuration.
If you wish to implement the delayed transmission of SIP BYE requests, use the following command sequence to access sip-config configuration model
```
ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# sip-config
ORACLE(sip-config)#
```
Use the msrp-delayed-bye-timer parameter to enable the delayed transmission of SIP BYE requests, thus establishing a configurable transition interval allowing for the completion of active MSRP sessions.
The msrp-delayed-bye-timer parameter specifies the maximum delay period allowed before transmitting the delayed BYE request.

Retain the default value (15), or specify another delay period within the range 1 to 60 seconds.

Delayed transmission of BYE requests is enabled by default. Use the special value of 0 to disable delay, and transmit BYE requests immediately upon receipt.
```
ORACLE(sip-config)# msrp-delayed-bye-timer 20
ORACLE(sip-config)#
```

tcp-media-profile Configuration

Use the following procedure to construct a TCP Media Profile that defines MSRP operations within a realm.

From superuser mode, use the following command sequence to access tcp-media-profile configuration mode. While in tcp-media-profile mode, you begin construction of a TCP Media Profile.

ORACLE# configure terminal
ORACLE(configure)# media-manager
ORACLE(media-manager)# tcp-media-profile
ORACLE(tcp-media-profile)# ?
name          name
profile-list  list of TCP media profiles
select        select profile to edit
no            delete profile
show          show profile
done          write profile information
exit          return to previous menu
ORACLE(tcp-media-profile)#

Use the name parameter to provide a unique identifier for this TCP Media Profile instance.
```
ORACLE(tcp-media-profile)# name tlsMSRP
ORACLE(tcp-media-profile)#
```

Use the profile-list command to move to tcp-media-profile-entry configuration mode. While in this mode, you complete configuration of the named tls-media-profile.

ORACLE(tcp-media-profile)# profile-list
ORACLE(tcp-media-profile-entry)# ?
media-type            media type
transport-protocol    transport protocol
listen-port           listening port
preferred-setup-role  preferred setup role
tls-profile           tls profile name
require-fingerprint   always require TLS certificate fingerprint
select                select a profile entry to edit
no                    delete selected profile entry
show                  show profile entry information
done                  write profile entry information
exit                  return to previous menu
ORACLE(tcp-media-profile-entry)#

Use the listen-port parameter to identify the TCP port monitored by the B2BUA for incoming MSRP connections.
Supported values are integer values within the range 0 (the default value) through 65535.

The 0 default value indicates that the listening port will be chosen by the B2BUA from the steering pool of the realm (which the tcp-media-profile belongs to).
```
ORACLE(tcp-media-profile-entry)# listen-port 43000
ORACLE(tcp-media-profile-entry)#
```
Use the media-type parameter in conjunction with the transport-protocol parameter to identify the media-types and transport protocols (found in the SDP media description, m=, field as described in RFC 4566, SDP: Session Description Protocol) subject to this TCP Media Profile.
media-type identifies the media subject to this TCP Media Profile. Retain the default value, message, for MSRP operations.

transport-protocol identifies the transport layer protocols subject to this TCP Media Profile. Use either TCP/MSRP to specify unsecured TCP traffic or TCP/TLS/MSRP to specify secured/encrypted TLS traffic.
```
ORACLE(tcp-media-profile-entry)# transport-protocol TCP/TLS/MSRP
ORACLE(tcp-media-profile-entry)#
```
If transport-protocol is TCP/TLS/MSRP, use the tls-profile parameter to identify the TLS profile that specifies the cryptographic resources available to support TLS operations.
This parameter can be safely ignored if transport-protocol is TCP/MSRP.
```
ORACLE(tcp-media-profile-entry)# tls-profile msrp1
ORACLE(tcp-media-profile-entry)#
```
If transport-protocol is TCP/TLS/MSRP, use the require-fingerprint parameter to enable or disable endpoint authentication using the certificate fingerprint methodology defined in RFC 4572, Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP).
By default, mutual authentication is disabled.

This parameter can be safely ignored if transport-protocol is TCP/MSRP.
```
ORACLE(tcp-media-profile-entry)# require-fingerprint enabled
ORACLE(tcp-media-profile-entry)#
```
Use the preferred-setup-role parameter to specify the value the B2BUA uses for the a=setup attribute when negotiating the setup up role, regardless of the role (offerer or answerer) assumed by the B2BUA in the SDP offer/answer exchange.
The value of preferred-setup-role is used for the value of the a=setup attribute when the B2BUA makes an offer SDP and when the B2BUA replies to an offer SDP that has a=setup:actpass. It is not used when the B2BUA is forced into a role by the offerer, that is, if the offerer sends a=setup:active, the B2BUA must answer with a=setup:passive (and vice versa).

Allowable values are passive (the default) and active.

active indicates that the B2BUA creates an outgoing connection.

passive indicates that the B2BUA accepts an incoming connection.

Acme Packet strongly recommends that users retain the default value, passive.
```
ORACLE(tcp-media-profile-entry)# preferred-setup-role passive
ORACLE(tcp-media-profile-entry)#
```
Use done, exit, and verify-config to complete tcp-media-profile configuration.
Repeat Steps 1 through 9 to configure additional tcp-media-profiles as required.

realm Configuration

Use the following procedure to assign a single, specific tcp-media-profile to a target realm.

From superuser mode, use the following command sequence to access  realm-config configuration mode. While in realm-config mode, you assign a  tcp-media-profile to a realm.
```
ORACLE# configure terminal
ORACLE(configure)# media-manager
ORACLE(media-manager)# realm-config
ORACLE(realm-config)#
```
Use the select command to identify the target realm.
Use the tcp-media-profile parameter to assign a specific, named  tcp-media-profile to the target realm.
```
ORACLE(realm-config)# tcp-media-profile tlsMutualAuth
ORACLE(realm-config)#
```
Use done, exit, and verify-config to complete tcp-media-profile assignment.

tls-profile Configuration

Use the following procedure to create a tls-profile configuration object, which specifies cryptographic resources available in support of TLS operations.

Note:

The option allow-self-signed-cert is only available for MSRP connections.

Access the tls-profile configuration element.

ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# tls-profile
ORACLE(tls-profile)#

Use the name parameter to provide a unique identifier for this TLS Profile instance.
```
ORACLE(tls-profile)# name tlsMutualAuth
ORACLE(tls-profile)#
```
If the require-fingerprint attribute of the tcp-media-profile is set to enabled, use the mutual-authenticate parameter to enable mutual authentication.
```
ORACLE(tls-profile)# mutual-authenticate enabled
ORACLE(tls-profile)#
```
Retain default values for other parameters.
Type done to save your configuration.
Repeat Steps 1 through 5 to configure additional tls-profiles as required.