Cisco Cisco IOS Software Release 12.2(33)XNE
1-16
Cisco 10000 Series Router Lawful Intercept Configuration Guide
OL-3426-03
Chapter 1 Lawful Intercept Overview
Information About Lawful Intercept
Note
On a PRE2, CALEA for Voice supports Layer 3 tap functionality, including 32 concurrent taps and 6.1
Mbps (of any traffic) maximum rate without detection.
Mbps (of any traffic) maximum rate without detection.
Network Components Used for Lawful Intercept
The following network components are used for lawful intercepts:
•
•
•
For information about lawful intercept processing, see the
.
Mediation Device
A mediation device (supplied by third-party vendor) handles most of the processing for the lawful
intercept. The mediation device:
intercept. The mediation device:
•
Provides the interface used to set up and provision the lawful intercept.
•
Generates requests to other network devices to set up and run the lawful intercept.
•
Converts the intercepted traffic into the format required by the LEA (which can vary from country
to country) and sends a copy of the intercepted traffic to the LEA without the target’s knowledge.
to country) and sends a copy of the intercepted traffic to the LEA without the target’s knowledge.
Note
If multiple LEAs are performing intercepts on the same target, the mediation device must
make a copy of the intercepted traffic for each LEA. The mediation device is also
responsible for restarting any lawful intercepts that are disrupted due to a failure.
make a copy of the intercepted traffic for each LEA. The mediation device is also
responsible for restarting any lawful intercepts that are disrupted due to a failure.
Intercept Access Point
An intercept access point (IAP) is a device that provides information for the lawful intercept. There are
two types of IAPs:
two types of IAPs:
•
Identification (ID) IAP—A device, such as an authentication, authorization, and accounting (AAA)
server, that provides intercept related information (IRI) for the intercept (for example, the target’s
username and system IP address). The IRI helps the service provider determine which content IAP
(router) the target’s traffic passes through.
server, that provides intercept related information (IRI) for the intercept (for example, the target’s
username and system IP address). The IRI helps the service provider determine which content IAP
(router) the target’s traffic passes through.
•
Content IAP—A device, such as a Cisco 10000 series router, that the target’s traffic passes through.
The content IAP:
The content IAP:
•
Intercepts traffic to and from the target for the length of time specified in the court order. The
router continues to forward traffic to its destination to ensure that the wiretap is undetected.
router continues to forward traffic to its destination to ensure that the wiretap is undetected.
•
Creates a copy of the intercepted traffic, encapsulates it in User Datagram Protocol (UDP) packets,
and forwards the packets to the mediation device without the target’s knowledge.
and forwards the packets to the mediation device without the target’s knowledge.