Cisco Cisco IOS XE 3.13S
Configuring Media and Signaling Authentication and Encryption for Secure Voice Calls Globally
This task configures secure media authentication and encryption on the H.323 gateway. You can configure SRTP capability either
globally or at the dial peer level; configuration in only one mode is necessary.
globally or at the dial peer level; configuration in only one mode is necessary.
Before You Begin
We strongly recommend that you first establish an IPSec connection between gateways before you configure security using SRTP.
Otherwise, media keys will be sent in clear text and your voice call will not be considered secure.
Otherwise, media keys will be sent in clear text and your voice call will not be considered secure.
Procedure
Purpose
Command or Action
Enables privileged EXEC mode.
enable
Step 1
Example:
Router> enable
• Enter your password if prompted.
Enters global configuration mode.
configure terminal
Example:
Router# configure terminal
Step 2
Enters voice service configuration mode.
voice service voip
Step 3
Example:
Router(config)# voice service voip
• The voip keyword specifies VoIP encapsulation.
Enables security policies.
srtp [fallback]
Step 4
Example:
Router(conf-voi-serv)# srtp
• The srtp command enables secure calls using SRTP for media
encryption and authentication and disables fallback.
• The fallback keyword enables call fallback to nonsecure (RTP)
mode, allowing the user to make calls that are not secure.
This security policy applies to all calls going through the
gateway and is not configurable on a per-call basis.
gateway and is not configurable on a per-call basis.
Note
(Optional) Enables secure calls on a Cisco IOS multiservice IP-to-IP
gateway.
gateway.
allow-connections from-type to to-type
Example:
Router(conf-voi-serv)# allow-connections
h323 to h323
Step 5
Exits the current configuration mode.
exit
Example:
Router(conf-voi-serv)#
exit
Step 6
8