Media Security Policy Configuration

Use the following procedure to create a Media Security Policy that specifies the role of the Oracle® Enterprise Session Border Controller in the security negotiation. If the Oracle® Enterprise Session Border Controller takes part in the negotiation, the policy specifies a key exchange protocol and SDES profile for both incoming and outgoing calls.

Note:

The media security policy configuration does not apply to hairpin calls.

To configure media-security-policy parameters:

  1. From superuser mode, use the following command sequence to access media-sec-policy configuration mode.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# media-security
    ORACLE(media-security)# media-sec-policy
    ORACLE(media-sec-policy)#
  2. Use the required name parameter to provide a unique identifier for this media-sec-policy instance.

    name enables the creation of multiple media-sec-policy instances.

  3. Use the optional pass-thru parameter to enable or disable pass-thru mode.

    With pass-thru mode enabled, the User Agent (UA) endpoints negotiate security parameters between each other; consequently, the Oracle® Enterprise Session Border Controller simply passes SRTP traffic between the two endpoints.

    With pass-thru mode disabled (the default state), the Oracle® Enterprise Session Border Controller disallows end-to-end negotiation; instead, it initiates and terminates SRTP tunnels with both endpoints.

  4. Use the outbound navigation command to move to media-sec-outbound configuration mode. In this configuration mode you specify the security parameters applied to the outbound call leg, that is, calls sent by the Oracle® Enterprise Session Border Controller.
  5. Use the protocol parameter to select the key exchange protocol.

    Select sdes for SDES key exchange.

  6. Use the profile parameter to specify the name of the SDES profile applied to calls sent by the Oracle® Enterprise Session Border Controller.
  7. Use the mode parameter to select the real-time transport protocol.

    Allowable values are rtp and srtp (the default).

    mode identifies the transport protocol (RTP or SRTP) included in an SDP offer when this media-security-policy is in effect.

  8. Use the done and exit commands to return to media-sec-policy configuration mode.
  9. Use the inbound navigation command to move to media-sec-inbound configuration mode. In this configuration mode you specify the security parameters applied to the inbound call leg, that is, calls received by the Oracle® Enterprise Session Border Controller.
  10. Use the protocol parameter to select the key exchange protocol.

    Select sdes for SDES.

  11. Use the profile parameter to specify the name of the SDES profile applied to calls received by the Oracle® Enterprise Session Border Controller.
  12. Use the mode parameter to select the real-time transport protocol.

    Allowable values are rtp and srtp (the default).

    mode identifies the transport protocol (RTP or SRTP) accepted in an SDP offer when this media-security-policy is in effect.

  13. Use done, exit, and verify-config to complete configuration of this media security policy instance.
  14. Repeat Steps 1 through 13 to configure additional media-security policies.
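
A review check for the policies this procedure produces, added here as an example (it is not Oracle code and not part of the original page): it reads media-sec-policy settings and reports policies that enable pass-thru, set mode rtp on a leg, or use srtp without an sdes protocol and profile. The indented listing layout, the enabled/disabled values for pass-thru, and the policy and profile names are assumptions constructed for illustration.

```python
LEG_KEYS = {"protocol", "profile", "mode"}
# Constructed sample; the indented "key value" layout is an assumption.
SAMPLE = """
media-sec-policy
    name        core-srtp
    outbound
        protocol sdes
        profile  sdes-core
        mode     srtp
    inbound
        protocol sdes
        profile  sdes-core
media-sec-policy
    name        legacy-pbx
    pass-thru   enabled
    outbound
        mode     rtp
    inbound
        mode     srtp
"""

# One dict per media-sec-policy block; per-leg settings go in sub-dicts.
def parse_policies(text):
    policies, leg = [], None
    for parts in filter(None, map(str.split, text.splitlines())):
        if parts[0] == "media-sec-policy":
            policies.append({"inbound": {}, "outbound": {}})
            leg = None
        elif policies and parts[0] in ("inbound", "outbound") and len(parts) == 1:
            leg = parts[0]
        elif policies and len(parts) >= 2:
            scope = policies[-1][leg] if leg and parts[0] in LEG_KEYS else policies[-1]
            scope[parts[0]] = parts[1]
    return policies

def audit(policy):
    findings = []
    if policy.get("pass-thru", "disabled") == "enabled":  # default: disabled
        findings.append("pass-thru enabled")
    for leg in ("outbound", "inbound"):
        cfg = policy[leg]
        if cfg.get("mode", "srtp") == "rtp":  # default: srtp
            findings.append(f"{leg} mode rtp")
        elif cfg.get("protocol") != "sdes" or "profile" not in cfg:
            findings.append(f"{leg} srtp without sdes protocol/profile")
    return findings

def audit_all(text):
    return {p.get("name", "?"): audit(p) for p in parse_policies(text)}
```

An omitted pass-thru or mode setting is treated as the default stated in the procedure (disabled and srtp respectively), so a leg that relies on the default is still checked for its SDES protocol and profile.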