1. Essentials Guide
  2. Oracle USM Supporting the IMS Edge
  3. IMS-AKA
  4. ACLI Instructions and Examples
  5. Setting Up an IMS-AKA Profile

Setting Up an IMS-AKA Profile

An IMS-AKA profile establishes the client and server ports to be protected, and it defines lists of encryption and authentication algorithms the profile supports. You can configure multiple IMS-AKA profiles, which are uniquely identified by their names.

You apply an IMS-AKA profile to a SIP port configuration using the name.

To configure an IMS-AKA profile:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
ORACLE(configure)#
  2. Type security and press Enter. 
    ORACLE(configure)# security
ORACLE(security)#
  3. Type ims-aka-profile and press Enter. 
    ORACLE(system)# ims-aka-profile
ORACLE(ims-aka-profile)#
  4. name—Enter the name you want to give this IMS-AKA profile. This is the value you will use to apply the profile to a SIP port configuration. This parameter is required, and it has no default value.
  5. protected-server-port—Enter the port number of the protected server port, which is the port on which the Oracle Communications Unified Session Manager receives protected messages. The protected server port should not overlap with the port range defined in the steering ports configuration using the same IP address and the SIP interface. If there is overlap, the NAT table entry for the steering port used in a call will prevent SIP messages from reaching the system’s host processor.

    This parameter defaults to 0, which disables the function associated with the parameter. The valid range for values is 1025 to 65535.

  6. protected-client-port—Enter the port number of the protected client port, which is the port on which the Oracle Communications Unified Session Manager sends out protected messages. Like the protected server port, the protected client port should not overlap with the port range defined in the steering ports configuration using the same IP address and the SIP interface. If there is overlap, the NAT table entry for the steering port used in a call will prevent SIP messages from reaching the system’s host processor.

    This parameter defaults to 0, which disables the function associated with the parameter. The valid range for values is 1025 to 65535.

  7. encr-alg-list—Enter the list of encryption algorithms. You enter more than one value by separating the algorithms by <Spaces> and enclosing all values in quotations marks: 
    ORACLE(ims-aka-profile)# encr-alg-list "aes-cbc null"

    This parameter defaults to the following three values: aes-cbc, des-ede3-cbc, and null.

  8. auth-alg-list—Enter the list of authentication algorithms. You enter more than one value by separating the algorithms by <Spaces> and enclosing all values in quotations marks: 
    ORACLE(ims-aka-profile)# auth-alg-list "hmac-sha-1-96 hmac-md5-96"

    This parameter defaults to hmac-sha-1-96.