Cisco Cisco TelePresence MCU 4510 Maintenance Manual
Configuring encryption settings
Cisco TelePresence MCU Version 4.2 Printable online help
Page 177 of 252
SRTP
encryption
encryption
Select the setting for media encryption for
SIP calls:
SIP calls:
All transports: If encryption is used for
a call, the media will be encrypted
using SRTP regardless of transport
mechanism used for call control
messages.
a call, the media will be encrypted
using SRTP regardless of transport
mechanism used for call control
messages.
Secure transports (TLS) only: If
encryption is used for a call, the media
will only be encrypted in calls that are
set up using TLS.
encryption is used for a call, the media
will only be encrypted in calls that are
set up using TLS.
Disabled: SRTP will not be used for
any calls. The MCU will not encrypt
media for SIP calls.
any calls. The MCU will not encrypt
media for SIP calls.
For more information refer to
Using
encryption with SIP
, below.
When disabled, the MCU will not advertise
that it is able to encrypt using SRTP. It is
only necessary to disable SRTP if it is
causing problems.
that it is able to encrypt using SRTP. It is
only necessary to disable SRTP if it is
causing problems.
Using encryption with SIP
The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and
video media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the
default mechanism for exchanging keys is Session Description Protocol Security Description (SDES).
SDES exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure
transport for call control messages. You can configure the MCU to also use Transport Layer Security
(TLS) which is a secure transport mechanism that can be used for SIP call control messages.
video media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the
default mechanism for exchanging keys is Session Description Protocol Security Description (SDES).
SDES exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure
transport for call control messages. You can configure the MCU to also use Transport Layer Security
(TLS) which is a secure transport mechanism that can be used for SIP call control messages.
Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can
participate in a conference which requires encryption. Where encryption is required in the conference
configuration, a SIP call must use SRTP.
participate in a conference which requires encryption. Where encryption is required in the conference
configuration, a SIP call must use SRTP.
To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS:
1. You must have the encryption feature key installed on your MCU.
2. Go to Settings > Encryption and set:
•
Encryption status to Enabled.
•
SRTP encryption to Secure transports (TLS) only.
3. Go to Settings > SIP and set Outgoing transport to TLS. To allow the MCU to accept incoming
calls that use TLS, go to Network > Services and ensure that Incoming Encrypted SIP (TLS) is
selected.
selected.
Note
:
It is possible to make encryption the default on newly created conferences by setting the
Encryption field on the conference template settings to Required. Go to Conferences > Templates.