Cisco Cisco TelePresence MCU 4510 Maintenance Manual
Encryption
status
status
Whether the MCU is able to use
encryption or not.
encryption or not.
When encryption status is Enabled, the MCU advertises itself
as being able to use encryption and will use encryption if
required to do so by an endpoint. If this setting is Enabled,
you can enable or disable the use of encryption on a per-
conference basis.
as being able to use encryption and will use encryption if
required to do so by an endpoint. If this setting is Enabled,
you can enable or disable the use of encryption on a per-
conference basis.
If this setting is Disabled, no conference will be able to use
encryption.
encryption.
SRTP
encryption
encryption
Select the setting for media
encryption for SIP calls:
encryption for SIP calls:
n
All transports: If encryption is
used for a call, the media will be
encrypted using SRTP
regardless of transport
mechanism used for call control
messages.
used for a call, the media will be
encrypted using SRTP
regardless of transport
mechanism used for call control
messages.
n
Secure transports (TLS) only: If
encryption is used for a call, the
media will only be encrypted in
calls that are set up using TLS.
encryption is used for a call, the
media will only be encrypted in
calls that are set up using TLS.
n
Disabled: SRTP will not be used
for any calls. The MCU will not
encrypt media for SIP calls.
for any calls. The MCU will not
encrypt media for SIP calls.
For more information refer to
,
below.
When disabled, the MCU will not advertise that it is able to
encrypt using SRTP. It is only necessary to disable SRTP if it
is causing problems.
encrypt using SRTP. It is only necessary to disable SRTP if it
is causing problems.
Using encryption with SIP
The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and video
media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default
mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES
exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call
control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure
transport mechanism that can be used for SIP call control messages.
media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default
mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES
exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call
control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure
transport mechanism that can be used for SIP call control messages.
Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can participate in
a conference which requires encryption. Where encryption is required in the conference configuration, a SIP
call must use SRTP.
a conference which requires encryption. Where encryption is required in the conference configuration, a SIP
call must use SRTP.
To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS:
1. You must have the encryption feature key installed on your MCU.
2. Go to
Settings > Encryption
and set:
l
Encryption status to Enabled.
l
SRTP encryption to Secure transports (TLS) only.
3. Go to
Settings > SIP
and set Outgoing transport to TLS. To allow the MCU to accept incoming calls
that use TLS, go to
Network > Services
and ensure that Encrypted SIP (TLS) is selected.
Note: It is possible to make encryption the default on newly created conferences by setting the Encryption
field on the conference template settings to Required. Go to
field on the conference template settings to Required. Go to
Conferences > Templates
.
Cisco TelePresence MCU Series 4.5 Online Printable Help
Page 192 of 278
Configuring the MCU
Configuring encryption settings