IMS-AKA Change Client Port Configuration
An IMS-AKA profile establishes the client and server ports to be protected, and it defines lists of encryption and authentication algorithms the profile supports. You can configure multiple IMS-AKA profiles, which are uniquely identified by their names.
You apply an IMS-AKA profile to a SIP port configuration using the name.
To configure an IMS-AKA profile:
- From Superuser mode, use the following command sequence to navigate to ims-aka-profile configuration mode.
  ORACLE# configure terminal
  ORACLE(configure)# security
  ORACLE(security)# ims-aka-profile
  ORACLE(ims-aka-profile)#
- name—Enter the name you want to give this IMS-AKA profile. This is the value you will use to apply the profile to a SIP port configuration. This parameter is required, and it has no default value.
- protected-server-port—Enter the port number of the protected server port, which is the port on which the Oracle Communications Unified Session Manager receives protected messages. The protected server port should not overlap with the port range defined in the steering ports configuration using the same IP address and the SIP interface. If there is overlap, the NAT table entry for the steering port used in a call will prevent SIP messages from reaching the system’s host processor.
This parameter defaults to 0, which disables the function associated with the parameter. The valid range for values is 1025 to 65535.
- start-protected-client-port (protected-client-port in Release S-CX6.3.3M2 and earlier releases)—Enter the start value for the pool of port numbers available following a successful re-authentication. Like the protected server port, the protected client port pool should not overlap with the port range defined in the steering ports configuration using the same IP address and the SIP interface. If there is overlap, the NAT table entry for the steering port used in a call will prevent SIP messages from reaching the system’s host processor.
Any existing configuration for protected-client-port will be mapped to both start-protected-client-port and end-protected-client-port parameter values.
This parameter defaults to 0, which disables the function associated with the parameter. The valid range for values is 1025 to 65535.
- end-protected-client-port—Enter the end value for the pool of port numbers available following a successful re-authentication. Ensure that this value is greater than the value assigned to start-protected-client-port. Note that the maximum supported pool contains 5 entries. Like the protected server port, the protected client port pool should not overlap with the port range defined in the steering ports configuration using the same IP address and the SIP interface. If there is overlap, the NAT table entry for the steering port used in a call will prevent SIP messages from reaching the system’s host processor.
This parameter defaults to 0, which disables the function associated with the parameter. The valid range for values is 1025 to 65535.
- encr-alg-list—Enter the list of encryption algorithms. You enter more than one value by separating the algorithms with <Spaces> and enclosing all values in quotation marks:
This parameter defaults to the following three values: aes-cbc, des-ede3-cbc, and null.
- auth-alg-list—Enter the list of authentication algorithms. You enter more than one value by separating the algorithms with <Spaces> and enclosing all values in quotation marks:
This parameter defaults to hmac-sha-1-96.
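The port and algorithm constraints above can be checked offline before a profile is applied. The following Python lint is an added example, not Oracle code; the dictionary layout, the function name, the steering range tuple, and the inclusive counting of pool entries are assumptions.

```python
PORT_MIN, PORT_MAX = 1025, 65535  # valid range stated on the page; 0 = disabled
MAX_POOL = 5                      # maximum supported client-port pool entries
DEFAULT_ENCR = "aes-cbc des-ede3-cbc null"  # encr-alg-list default per the page

def lint_ims_aka_profile(profile, steering_range):
    """Return findings for one profile (hypothetical dict keyed by parameter name).
    steering_range: (start, end) steering ports on the same IP address and SIP
    interface, assumed inclusive."""
    findings = []
    if not profile.get("name"):
        findings.append("name: required, no default")
    ports = {}
    for key in ("protected-server-port", "start-protected-client-port",
                "end-protected-client-port"):
        ports[key] = value = profile.get(key, 0)
        if value == 0:
            findings.append(f"{key}: 0 leaves the function disabled")
        elif not PORT_MIN <= value <= PORT_MAX:
            findings.append(f"{key}: {value} outside {PORT_MIN}-{PORT_MAX}")
    server = ports["protected-server-port"]
    start = ports["start-protected-client-port"]
    end = ports["end-protected-client-port"]
    s_lo, s_hi = steering_range
    if server and s_lo <= server <= s_hi:
        findings.append("protected-server-port overlaps steering ports")
    if start and end:
        if end <= start:
            findings.append("end-protected-client-port must exceed start")
        else:
            size = end - start + 1  # assumption: both bounds are pool entries
            if size > MAX_POOL:
                findings.append(f"client pool has {size} entries, max {MAX_POOL}")
            if start <= s_hi and s_lo <= end:
                findings.append("protected client pool overlaps steering ports")
    # "null" encryption leaves protected SIP traffic without confidentiality
    if "null" in profile.get("encr-alg-list", DEFAULT_ENCR).split():
        findings.append("encr-alg-list offers null (no encryption)")
    return findings

# Constructed sample values, not taken from any real deployment.
SAMPLE = {"name": "aka1", "protected-server-port": 4060,
          "start-protected-client-port": 4995, "end-protected-client-port": 5000}
STEERING = (5000, 5999)

if __name__ == "__main__":
    for finding in lint_ims_aka_profile(SAMPLE, STEERING):
        print("WARN", finding)
```

Because an unset encr-alg-list falls back to the default list, the null finding is raised for any profile that does not set the list explicitly.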