Overview
SRTP-SRTP pass-through feature allows pass-through of encrypted media from one call-leg to the other.
Cisco Unified Border Element (CUBE) supports SIP calls between endpoints using Transport Layer Security (TLS) for SIP signaling encryption and Secure Real-Time Protocol (SRTP) to provide RTP media encryption. However, these two encryption mechanisms may not be deployed simultaneously, depending on the required call flow invoked on the associated configuration.
The following are conditions of the SRTP Passthrough feature:
-
SRTP Passthrough must be configured on both legs of the call. If the target adjacency does not support SRTP Passthrough, then the call is rejected by error message 415 (Unsupported Media Type).
-
"m= .. RTP/SAVP .." and a="crypto:..." fields coming in on an Invite from one adjacency are passed on in an Invite to the target adjacency.
-
"m= ...RTP/SAVP..." is a required field in the Invite to trigger SRTP Passthrough behavior in the CUBE.
Pass-Through of Unsupported Crypto Suites
Note |
Effective from Cisco IOS XE Everest Release 16.5.1b, CUBE supports AEAD_AES_128_GCM and AEAD_AES_256_GCM crypto-suites. For more information, see SRTP-SRTP Interworking. |
CUBE supports transparent passthrough of all (supported and unsupported) crypto suites.
CUBE has the ability to pass across crypto attributes (containing any unsupported crypto suites) as well as media packets (encrypted with unsupported crypto suites).
If SRTP pass-thru feature is enabled, media interworking will not be supported. Ensure that you have symmetric configuration on both the incoming and outgoing dial-peers to avoid media-related issues.
Feature Information
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Support for SRTP-SRTP Basic calls |
Baseline functionality |
This feature introduced support for basic SRTP-SRTP pass-through calls. |