Configuring SIP Support for SRTP
First Published: June 29, 2007
Last Updated: August 5, 2009
This module contains information about configuring Session Initiation Protocol (SIP) support for the Secure Real-time Transport Protocol (SRTP). SRTP is an extension of the Real-time Transport Protocol (RTP) Audio/Video Profile (AVP) and ensures the integrity of RTP and Real-Time Control Protocol (RTCP) packets that provide authentication, encryption, and the integrity of media packets between SIP endpoints.
SIP support for SRTP was introduced in Cisco IOS Release 12.4(15)T. In this and later releases, you can configure the handling of secure RTP calls on both a global level and on an individual dial peer basis on Cisco IOS voice gateways. You can also configure the gateway (or dial peer) either to fall back to (nonsecure) RTP or to reject (fail) the call for cases where an endpoint does not support SRTP.
The option to allow negotiation between SRTP and RTP endpoints was added for Cisco IOS Release 12.4(20)T and later releases, as was interoperability of SIP support for SRTP on Cisco IOS voice gateways with Cisco Unified Communications Manager. In Cisco IOS Release 12.4(22)T and later releases, you can configure SIP support for SRTP on Cisco Unified Border Elements (Cisco UBEs), as well.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring SIP Support for SRTP" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Prerequisites for Configuring SIP Support for SRTP
•Restrictions for Configuring SIP Support for SRTP
•Information About Configuring SIP Support for SRTP
•How to Configure SIP Support for SRTP
•Configuring SRTP and SRTP Fallback on a Dial Peer
•Additional References
•Feature Information for Configuring SIP Support for SRTP
•Glossary
Prerequisites for Configuring SIP Support for SRTP
•Establish a working IP network and configure VoIP.
Note For information about configuring VoIP, see Enhancements to the Session Initiation Protocol for VoIP on Cisco Access Platforms.
•Ensure that the gateway has voice functionality configured for SIP.
•Ensure that your Cisco router has adequate memory.
•As necessary, configure the router to use Greenwich Mean Time (GMT). SIP requires that all times be sent in GMT. SIP INVITE messages are sent in GMT. However, the default for routers is to use Coordinated Universal Time (UTC). To configure the router to use GMT, issue the clock timezone command in global configuration mode and specify GMT.
Restrictions for Configuring SIP Support for SRTP
•The SIP gateway does not support codecs other than those listed in the table titled "SIP Codec Support by Platform and Cisco IOS Release" in the "Enhanced Codec Support for SIP Using Dynamic Payloads" section of the Configuring SIP QoS Features module.
•SIP requires that all times be sent in GMT.
Information About Configuring SIP Support for SRTP
The SIP Support for SRTP features use encryption to secure the media flow between two SIP endpoints. Cisco IOS voice gateways and Cisco Unified Border Elements use the Digest method for user authentication and, typically, they use Transport Layer Security (TLS) for signaling authentication and encryption.
Note To provide more flexibility, TLS signaling encryption is no longer required for SIP support of SRTP in Cisco IOS Release 12.4(22)T and later releases. Secure SIP (SIPS) is still used to establish and determine TLS but TLS is no longer a requirement for SRTP, which means calls established with SIP only (and not SIPS) can still successfully negotiate SRTP without TLS signaling encryption. This also means you could configure encryption using a different protocol, such as IPsec.
However, Cisco does not recommend configuring SIP support for SRTP without TLS signaling encryption because doing so compromises the intent of forcing media encryption (SRTP).
When TLS is used, the cryptographic parameters required to successfully negotiate SRTP rely on the cryptographic attribute in the Session Description Protocol (SDP). To ensure the integrity of cryptographic parameters across a network, SRTP uses the SIPS schema (sips:example.com). If the Cisco IOS voice gateway or Cisco Unified Border Element is configured to use TLS encryption and sends an invite to an endpoint that cannot provide TLS support, that endpoint rejects the INVITE message. For cases like these, you can configure the gateway or Cisco UBE either to fall back to an RTP-only call or to reject the call.
The SIP support for SRTP features provide the following security benefits:
•Confidentiality of RTP packets—protects packet-payloads from being read by unapproved entities but does so without authorized entities having to enter a secret encryption key.
•Message authentication of RTP packets—protects the integrity of the packet against forgery, alteration, or replacement.
•Replay protection—protects the session address against denial of service attacks.
Table 1 describes the security level of SIP INVITE messages according to which of the four possible combinations of TLS and SRTP is configured.
Table 1 TLS-SRTP Combinations
|
|
|
On |
On |
Signaling and media are secure. |
Off |
On |
Signaling is insecure: •If you use the srtp fallback command, the gateway sends an RTP-only SDP. •If you do not configure the srtp fallback command, the call fails and the gateway does not send an INVITE message. Note In Cisco IOS Release 12.4(20)T and later releases (and, for Cisco UBEs, in Cisco IOS Release 12.4(22)T and later releases), calls established with SRTP only (and not SIPS) will succeed even if the srtp fallback command is not configured. |
On |
Off |
RTP-only call. |
Off |
Off |
Signaling and media are not secure. |
Cryptographic Parameters
RFC 3711 defines the SRTP cryptographic parameters, including valid syntax and values for attribute a=crypto (see Table 2). Some of these parameters are declarative and apply only to the send direction of the declarer, while others are negotiable and apply to both send and receive directions.
The following shows the cryptographic attribute syntax:
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
Table 2 summarizes the syntax for the cryptographic attribute.
Table 2 Cryptographic Attribute Syntax
|
|
|
tag |
No |
The tag attribute is a unique decimal number used as an identifier for a particular cryptographic attribute to determine which of the several offered cryptographic attributes was chosen by the answerer. |
crypto-suite |
No |
The crypto-suite attribute defines the encryption and authentication algorithm. Cisco IOS voice gateways and Cisco UBEs support default suite AES_CM_128_HMAC_SHA1_32 (AES-CM encryption with a 128-bit key and HMAC-SHA1 message authentication with a 32-bit tag). |
key-params |
No |
"inline:" <key| |salt> ["|" lifetime] ["|" MKI ":" length] key| | salt is base64 encoded contacted master key and salt. |
session-params |
Yes |
The session-params attribute is specific to a given transport and is optional. The gateway does not generate any session-params in an outgoing INVITE message, nor will the SDP library parse them. |
SDP Negotiation
To allow calls to succeed between endpoints that do not support SRTP, you can enable SIP support for SRTP by configuring the srtp command but you can also enable fall back to the RTP mechanism in cases where SRTP is not supported by one or both endpoints. To configure a Cisco IOS voice gateway or Cisco Unified Border Element to fall back to RTP when SRTP is not supported, configure the srtp fallback command either globally or for an individual dial peer.
When the srtp command is enabled, the offer SDP in the INVITE message has only one m line for the RTP/SAVP (RTP/Secure AVP) transport type. If a called endpoint does not support SRTP, the call fails with a 4xx error. However, if you configure the srtp fallback command, the gateway generates another INVITE message with an RTP-only offer instead of simply allowing the call to fail.
Note In Cisco IOS Release 12.4(20)T and later releases (and, for Cisco UBEs, in Cisco IOS Release 12.4(22)T and later releases), calls established with SRTP only (and not SIPS) will succeed even if the srtp fallback command is not configured.
When the gateway or Cisco Unified Border Element is the called endpoint, it will accept an offer with an m line value of SRTP-only, RTP-only, or both SRTP and RTP. For calls with two m lines (SRTP and RTP), the negotiation depends on the configuration of the inbound dial peer or global configuration. Only one m line negotiates—the port number in the other m line is set to 0.
Table 3 summarizes the behavior of the gateway during negotiation.
Table 3 Gateway Behavior During Negotiations
|
INVITE Message Received with SRTP
|
INVITE Message Received with SRTP and RTP
|
INVITE Message Received with RTP
|
SRTP only |
SRTP call. |
SRTP call, port number in m line of RTP set to 0. |
488 (unacceptable media). |
SRTP with fallback |
SRTP call. |
SRTP call, port number in m line of RTP set to 0. |
RTP call, port number in m line of SRTP set to 0. |
No SRTP |
488 (unacceptable media). |
RTP call, port number in m line of SRTP set to 0. |
RTP call. |
The following example shows an offer SDP with two m lines that use the cryptographic attribute for the RTP/SAVP media transport type:
o=CiscoSystemsSIP-GW-UserAgent 7826 3751 IN IP4 172.18.193.98
a=crypto:1 AES_CM_128_HMAC_SHA1_32
inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
The following example shows the corresponding answer SDP with SRTP supported:
o=CiscoSystemsSIP-GW-UserAgent 7826 3751 IN IP4 172.18.193.98
a=crypto:1 AES_CM_128_HMAC_SHA1_32
inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
Call Control and Signaling
SIP uses the SRTP library to receive cryptographic keys. If you configure SRTP for the call and cryptographic context is supported, SDP offers the cryptographic parameters. If the cryptographic parameters are negotiated successfully, the parameters are downloaded to the DSP, which encrypts and decrypts the packets. The sender encrypts the payload by using the AES algorithm and builds an authentication tag, which is encapsulated to the RTP packet. The receiver verifies the authentication tag and then decrypts the payload.
Default and Recommended SRTP Settings
Table 4 lists the default and recommended SRTP settings.
Table 4 Default and Recommended SRTP Settings
|
|
|
Key derivation rate |
0 |
0—Rekeying is supported |
Master key length |
128 bits |
128 bits |
Master salt key length |
112 bits |
112 bits |
MKI indicator |
0 |
0 |
MKI length |
0 |
0 |
PRF |
AES_CM |
128 |
Session authentication key length |
128 |
128 |
Session encryption key length |
128 bits |
128 bits |
Session salt key length |
112 |
112 |
SRTP authentication |
HMAC-SHA1 |
HMAC-SHA1 |
SRTCP authentication |
HMAC-SHA1 |
HMAC-SHA1 |
SRTP cipher |
AES_CM |
AES_CM |
SRTCP cipher |
AES_CM |
NULL |
SRTP HMAC tag length |
80 |
32 (voice)—Supported 80 (other)—Not supported |
SRTCP HMAC tag length |
80 |
80 |
SRTP packets maximum lifetime |
2^48 packets |
2^48 packets |
SRTCP packets maximum lifetime |
2^31 packets |
2^31 packets |
SRTP replay-window size |
64 |
64—Not supported |
SRTCP replay-window size |
64 |
64—Not supported |
Before an SRTP session can be established on a Cisco IOS voice gateway or Cisco UBE, the following cryptographic information must be exchanged in SDP between the two endpoints:
•Crypto suite—crypto algorithm {AES_CM_128_HMAC_SHA1_32} and the supported codec list {g711, G729, G729a}. There could be one or more crypto suites. Cisco IOS Release 12.4(15)T supports only one crypto suite.
•Crypto context—16-byte master key and a 14-byte master salt.
Generating Master Keys
The SRTP library provides an application program interface (API), srtp_generate_master_key, to generate a random master key. For encryption and authentication purposes, the key length is 128 bits (master key and session keys). Additionally, RFC 3711 introduces "salting keys"—master salts and sessions salts—and strongly recommends the use of a master salt in the key derivation of session keys. The salting keys (salts) are used to fight against pre-computation and time-memory tradeoff attacks.
The master salt (also known as the n-bit SRTP key) prevents off-line key-collision attacks on the key derivation and, when used, must be random (but can be public). The master salt is derived from the master key and is used in the key derivation of session keys. Session salts, in turn, are used in encryption to counter various attacks against additive stream ciphers. All salting keys (master salt and session salts) are 112 bits.
SRTP Offer and Answer Exchange
If you configure the gateway for SRTP (globally or on an individual dial peer) and end-to-end TLS, an outgoing INVITE message has cryptographic parameters in the SDP.
If you use the srtp fallback command and the called endpoint does not support SRTP (offer is rejected with a 4xx class error response), the gateway or Cisco Unified Border Element sends an RTP offer SDP in a new INVITE request. If you do not configure the srtp fallback command, the call fails.
Note In Cisco IOS Release 12.4(20)T and later releases (and, for Cisco UBEs, in Cisco IOS Release 12.4(22)T and later releases), calls established with SRTP only (and not SIPS) will succeed even if the srtp fallback command is not configured.
When a gateway or Cisco Unified Border Element receives an SRTP offer, negotiation is based on the inbound dial peer if specified and, if not, the global configuration. If multiple cryptographic attributes are offered, the gateway selects an SRTP offer it supports (AES_CM_128_HMAC_SHA1_32). The cryptographic attribute will include the following:
•The tag and same crypto suite from the accepted cryptographic attribute in the offer.
•A unique key the gateway generates from the SRTP library API.
•Any negotiated session parameters and its own set of declarative parameters, if any.
If this cryptographic suite is not in the list of offered attributes, or if none of the attributes are valid, the SRTP negotiation fails. If the INVITE message contains an alternative RTP offer, the gateway (or Cisco UBE) negotiates and the call falls back to (nonsecure) RTP mode. If there is no alternative offer and the SRTP negotiation fails, the INVITE message is rejected with a 488 error (Not Acceptable Media).
Rekeying Rules
There is no rekeying on an SRTP stream. A REINVITE/UPDATE message is used in an established SIP call to update media-related information (codec, destination address, and port number) or other features, such as call-hold. A new key need only be generated if the offer SDP has a new connection address or port. Because the source connection address and port do not change, the gateway or Cisco UBE will not generate a new master key after a key has been established for an SRTP session.
Call-Feature Interactions
This section describes call-feature interactions when SIP Support for SRTP features are configured.
Call Hold
If a gateway receives a call hold REINVITE message after an initial call setup is secured, the gateway places the existing SRTP stream on hold, and its answer in the 200 OK message depends on the offer SDP. If there is a cryptographic attribute in the offer, the gateway responds with a cryptographic attribute in its answer.
Signaling Forking
A proxy can fork an INVITE message that contains an SRTP offer, which can result in multiple SRTP streams until a 200 OK message is received. Because the gateway always honors the last answer, the gateway deletes previous SRTP streams and creates a new stream to the latest endpoint. Other endpoints might also stream to the gateway, but because the DSP knows only the last streams's cryptographic suite and key, authentication on these packets fails, and the packets are dropped.
Call Redirection
A gateway redirects a call when an INVITE message, sent to a proxy or redirect server, results in a 3xx response with a list of redirected contact addresses. The gateway handles a 3xx response based on the schema in the contact of a 3xx message. If the message is SIP, and you configure the call for SRTP with fallback, the gateway offers an SRTP-only redirected INVITE message. If you configure for SRTP only, the offer is SRTP only.
If the schema is SIP, and you use the srtp fallback command to configure the call for RTP with fallback, the INVITE message has an RTP offer. If you do not configure the srtp fallback command, the call fails.
Note In Cisco IOS Release 12.4(20)T and later releases (and, for Cisco UBEs, in Cisco IOS Release 12.4(22)T and later releases), calls established with SRTP only (and not SIPS) will succeed even if the srtp fallback command is not configured.
Call Transfer
The SIP Support for SRTP feature interaction with call transfer depends on your outbound dial peer or global configuration. During a call transfer, the gateway sends an INVITE message to establish the connection to the transfer target. The gateway includes an SRTP offer in the INVITE message if the outbound dial peer or global configuration includes the SRTP offer.
T.38 Fax
The T.38 transport supported is User Datagram Protocol (UDP). A T.38 call is initiated as a voice call, which can be RTP or SRTP, and when it switches to T.38 fax mode, the fax call is not secure. When the fax is switched back to voice, the call returns to its initial voice state.
Conferencing Calls
For conferencing calls, the incoming INVITE message does not match any inbound dial peer and the message body is sent to the application in a container. The conferencing application performs the necessary negotiation and replies through PROGRESS or CONNECT events.
How to Configure SIP Support for SRTP
Before configuring SIP support for SRTP on a gateway or Cisco Unified Border Element, it is strongly recommended you first configure SIPS either globally or on an individual dial peer basis. The configuration on a dial peer overrides the global configuration.
This section contains the following configurations:
•Configuring SIPS Globally (optional)
•Configuring SIPS on a Dial Peer (optional)
•Configuring SRTP and SRTP Fallback Globally (required)
•Configuring SRTP and SRTP Fallback on a Dial Peer (optional)
Configuring SIPS Globally
To configure secure SIP (SIPS) globally on a Cisco IOS voice gateway or Cisco Unified Border Element, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service {pots | voatm | vofr | voip}
4. sip
5. url sips
6. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
voice service {pots | voatm | vofr | voip}
Router(config)# voice service voip |
Enters voice service configuration mode. |
Step 4 |
sip
Router(conf-voi-serv)# sip |
Enters SIP configuration mode. |
Step 5 |
url sips
Router(conf-serv-sip)# url sips |
Specifies generation of URLs in SIPS format for VoIP calls for all dial peers on the voice gateway or Cisco UBE. |
Step 6 |
exit
Router(conf-serv-sip)# exit |
Exits the current mode. |
Configuring SIPS on a Dial Peer
To configure secure SIP (SIPS) on an individual dial peer, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag {pots | vofr | voip}
4. voice-class sip url sips
5. exit
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
dial-peer voice tag {pots | vofr | voip}
Router(config)# dial-peer voice 111 voip |
Enters dial peer voice configuration mode. |
Step 4 |
voice-class sip url sips
Router(config-dial-peer)# voice-class sip url sips |
Specifies configuration of URLs in SIPS format for VoIP calls for a specific dial peer. |
Step 5 |
exit
Router(config-dial-peer)# exit |
Exits the current mode. |
Configuring SRTP and SRTP Fallback Globally
To configure SRTP and SRTP fallback behavior globally on a Cisco IOS voice gateway or Cisco Unified Border Element, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service {pots | voatm | vofr | voip}
4. srtp
5. srtp fallback
6. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
voice service {pots | voatm | vofr | voip}
Router(config)# voice service voip |
Enters voice service configuration mode. |
Step 4 |
srtp
Router(conf-voi-serv)# srtp |
Configures secure RTP calls. |
Step 5 |
srtp fallback
Router(conf-voi-serv)# srtp fallback |
Configures a fallback to RTP calls in case secure RTP calls fail due to lack of support from an endpoint. |
Step 6 |
exit
Router(conf-voi-serv)# exit |
Exits the current mode. |
Configuring SRTP and SRTP Fallback on a Dial Peer
To configure SRTP and SRTP fallback behavior on an individual dial peer that overrides the global SRTP configuration, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag {pots | vofr | voip}
4. srtp
5. srtp fallback
6. exit
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
dial-peer voice tag {pots | vofr | voip}
Router(config)# dial-peer voice 111 voip |
Enters dial peer voice configuration mode. |
Step 4 |
srtp
Router(config-dial-peer)# srtp |
Configures secure RTP calls. |
Step 5 |
srtp fallback
Router(config-dial-peer)# srtp fallback |
Configures a fallback to RTP calls in case secure RTP calls fail due to lack of support from an endpoint. |
Step 6 |
exit
Router(config-dial-peer)# exit |
Exits the current mode. |
Configuration Examples for Configuring SIP Support for SRTP
The following example shows how to configure SIPS globally on a Cisco IOS voice gateway or Cisco Unified Border Element:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# voice service voip
Router(conf-voi-serv)# sip
Router(conf-serv-sip)# url sips
Router(conf-serv-sip)# exit
The following example shows how to configure SIPS on dial peer 111:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# dial-peer voice 111 voip
Router(config-dial-peer)# voice-class sip url sips
Router(config-dial-peer)# exit
The following example shows how to configure for SRTP with fallback to RTP globally on a Cisco IOS voice gateway or Cisco Unified Border Element:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# voice service voip
Router(conf-voi-serv)# srtp
Router(conf-voi-serv)# srtp fallback
Router(conf-voi-serv)# exit
The following example shows how to configure for SRTP with fallback to RTP on dial peer 111:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# dial-peer voice 111 voip
Router(config-dial-peer)# srtp
Router(config-dial-peer)# srtp fallback
Router(config-dial-peer)# exit
Additional References
The following sections provide references related to configuring the SIP Support for SRTP features.
Related Documents
RFCs
MIBs
|
|
None |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
Technical Assistance
|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
http://www.cisco.com/techsupport |
Feature Information for Configuring SIP Support for SRTP
Table 5 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or Cisco IOS Releases 12.2(1) or 12.0(3)S or a later release appear in the table.
For information on a feature in this technology that is not documented here, see the Cisco IOS SIP Features Roadmap module at http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-roadmap.html.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 5 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release. Unless noted otherwise, subsequent releases of that Cisco IOS software release also support that feature.
Table 5 Feature Information for Configuring SIP Support for SRTP
|
|
|
SIP Support for SRTP |
12.4(15)T |
This feature introduces SIP support for supplementary services features, such as call hold, call transfer, call waiting, and call conference (3WC) using hook flash (HF) for FXS phones on Cisco IOS voice gateways. The following commands were introduced or modified: srtp, srtp fallback. |
SIP SRTP Fallback to Nonsecure RTP |
12.4(15)XY 12.4(20)T |
This feature extends the existing SRTP to RTP fallback on Cisco IOS voice gateways to support a delayed offer and adds support for SRTP over SIP. The following commands were introduced or modified: srtp negotiate, voice-class sip srtp negotiate. |
Interworking of Secure RTP calls for SIP and H323 |
12.4(20)T |
This feature provides an option for a Secure RTP (SRTP) call to be connected from H323 to SIP and from SIP to SIP. Additionally, this feature extends SRTP fallback support from the Cisco IOS voice gateway to the Cisco Unified Border Element. This feature uses no new or modified commands. |
SIP SRTP Fallback to Nonsecure RTP for Cisco Unified Border Elements |
12.4(22)T |
This feature adds support for both SRTP to RTP fallback with a delayed offer and SRTP over SIP to the Cisco Unified Border Element. This feature uses no new or modified commands. |
Cisco Unified Border Element Support for SRTP-RTP Internetworking |
12.4(22)YB |
This feature provides the ability to support interworking between SRTP on one IP leg and RTP on another IP leg of a Cisco Unified Border Element. The following command was introduced or modified: tls. |
Glossary
AVP—Audio/Video Profile.
CAC—Call Admission Control.
CME—Communications Manager Express.
CVP—Customer Voice Portal.
GW—gateway.
ISDN—Integrated Services Digital Network.
MIME—Multipurpose Internet Mail Extensions.
m line—The media-level section of an SDP session begins and ends with an "m" line that confines the information about the media stream.
MOH—music on hold.
OGW—originating gateway (ingress gateway).
PBX—Private Branch Exchange.
PINX—private integrated services network exchange.
PISN—private integrated services network.
QoS—quality of service.
QSIG—Q Signaling protocol.
RSVP—Resource Reservation Protocol.
RTP—Real-time Transport Protocol.
SDP—Session Description Protocol.
SIP—Session Initiation Protocol.
SRTP—Secure Real-time Transport Protocol.
TDM—time-division multiplexing.
TGW—terminating gateway (egress gateway).
UA—user agent.
UDP—User Datagram Protocol.
URI—uniform resource identifier.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2007-2009 Cisco Systems, Inc. All rights reserved.