Cisco Cisco TelePresence MCU 4510 Maintenance Manual
Configuring the MCU
Cisco TelePresence MCU 4.3 Product administration guide
Page 165 of 242
Note that using encryption does not affect the number of ports that are available on the MCU.
Note that the MCU will not show thumbnail previews on the
Conference participant
page if encryption is
required for a conference. If you have the Show thumbnail images option selected on the
Settings > User
interface
page, thumbnail previews will be shown for conferences where encryption is optional and there are
encrypted participants.
Refer to this table for assistance configuring the encryption settings. After making any configuration
changes, click Apply changes.
changes, click Apply changes.
Field
Field description
Usage tips
Encryption
status
status
Whether the MCU is able to use
encryption or not.
encryption or not.
When encryption status is Enabled, the MCU advertises
itself as being able to use encryption and will use encryption
if required to do so by an endpoint. If this setting is Enabled,
you can enable or disable the use of encryption on a per-
conference basis.
itself as being able to use encryption and will use encryption
if required to do so by an endpoint. If this setting is Enabled,
you can enable or disable the use of encryption on a per-
conference basis.
If this setting is Disabled, no conference will be able to use
encryption.
encryption.
SRTP
encryption
encryption
Select the setting for media
encryption for SIP calls:
encryption for SIP calls:
n
All transports: If encryption is
used for a call, the media will be
encrypted using SRTP
regardless of transport
mechanism used for call control
messages.
used for a call, the media will be
encrypted using SRTP
regardless of transport
mechanism used for call control
messages.
n
Secure transports (TLS) only: If
encryption is used for a call, the
media will only be encrypted in
calls that are set up using TLS.
encryption is used for a call, the
media will only be encrypted in
calls that are set up using TLS.
n
Disabled: SRTP will not be used
for any calls. The MCU will not
encrypt media for SIP calls.
for any calls. The MCU will not
encrypt media for SIP calls.
For more information refer to
below.
When disabled, the MCU will not advertise that it is able to
encrypt using SRTP. It is only necessary to disable SRTP if it
is causing problems.
encrypt using SRTP. It is only necessary to disable SRTP if it
is causing problems.
Using encryption with SIP
The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and video
media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default
mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES
exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call
control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure
transport mechanism that can be used for SIP call control messages.
media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default
mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES
exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call
control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure
transport mechanism that can be used for SIP call control messages.
Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can participate in
a conference which requires encryption. Where encryption is required in the conference configuration, a SIP
call must use SRTP.
a conference which requires encryption. Where encryption is required in the conference configuration, a SIP
call must use SRTP.
To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS: