set link-encryption

Last Updated: Aug 16, 2023

Description

Branch Gateway connects to a server using TLS version 1.2 by default.

However, you can use the set link-encryption command to specify whether:

  • Specific TLS versions (TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3) are enabled on the gateway for H.248 communication with Avaya Aura® Communication Manager, SLA Monitor Service, and Syslog.

  • PTLS encryption is enabled for H.248 communication with Avaya Aura® Communication Manager.

  • Unencrypted H.248 communication is allowed with Avaya Aura® Communication Manager.

Important:

PTLS link-encryption is not allowed when FIPS mode is enabled.

Note:

In edge gateway mode, the gateway automatically restricts TLS to version 1.2 or 1.3 for the H.248 or the MGSBC control links.

Syntax

set link-encryption {application} {protocol} <yes | no>

Parameters

Parameter     | Description | Possible Values                                                                           | Default Value
{application} |             | h248reg, sla, syslog                                                                      |
{protocol}    |             | all, tls, tls1.3, tls1.2, tls1.1, tls1.0, ptls (h248reg only), unencrypted (h248reg only) |

Modes: FIPS and non-FIPS

The following are the default options in FIPS and non-FIPS modes respectively:

Non-FIPS mode

set link-encryption h248reg tls-1.3 yes
set link-encryption h248reg tls-1.2 yes
set link-encryption h248reg tls-1.1 no
set link-encryption h248reg tls-1.0 no
set link-encryption h248reg ptls yes
set link-encryption h248reg unencrypted yes

set link-encryption sla tls-1.3 yes
set link-encryption sla tls-1.2 yes
set link-encryption sla tls-1.1 no
set link-encryption sla tls-1.0 no

set link-encryption syslog tls-1.3 yes
set link-encryption syslog tls-1.2 yes
set link-encryption syslog tls-1.1 no
set link-encryption syslog tls-1.0 no

FIPS mode

set link-encryption h248reg tls-1.3 yes
set link-encryption h248reg tls-1.2 yes
set link-encryption h248reg tls-1.1 no
set link-encryption h248reg tls-1.0 no
set link-encryption h248reg ptls no
set link-encryption h248reg unencrypted no

set link-encryption sla tls-1.3 yes
set link-encryption sla tls-1.2 yes
set link-encryption sla tls-1.1 no
set link-encryption sla tls-1.0 no

set link-encryption syslog tls-1.3 yes
set link-encryption syslog tls-1.2 yes
set link-encryption syslog tls-1.1 no
set link-encryption syslog tls-1.0 no

Note:

PTLS is disabled while in FIPS mode.

The gateway displays a message on the screen that PTLS cannot be enabled while in FIPS mode.

User level

read-write

Context

General

Example

# set link-encryption h248reg all yes

TLS         :  yes
TLS 1.3     :  yes 
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  yes
PTLS        :  yes
Unencrypted :  yes

# set link-encryption h248reg unencrypted no

TLS         :  yes
TLS 1.3     :  yes 
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  yes
PTLS        :  yes
Unencrypted :  no

# set link-encryption sla all yes

TLS         :  yes
TLS 1.3     :  yes
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  yes

# set link-encryption syslog all yes

TLS         :  yes
TLS 1.3     :  yes
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  yes

# set link-encryption sla tls1.0 no

TLS         :  yes
TLS 1.3     :  yes
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  no

# set link-encryption syslog tls1.0 no

TLS         :  yes
TLS 1.3     :  yes
TLS 1.2     :  yes
TLS 1.1     :  yes
TLS 1.0     :  no
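
Configuration audit (added example, not Avaya code): this Python script replays set link-encryption lines over the defaults listed under Modes and reports every setting that ends up enabled although the FIPS-mode defaults disable it. The function names and the sample configuration are constructed for illustration; reporting the generic tls keyword and a PTLS enable in FIPS mode for manual review is an assumption, because the page does not describe how the gateway processes them.

```python
import re
VERSIONS = ["tls1.3", "tls1.2", "tls1.1", "tls1.0"]
PROTOCOLS = {"h248reg": VERSIONS + ["ptls", "unencrypted"], "sla": VERSIONS, "syslog": VERSIONS}
LINE = re.compile(r"^\s*set\s+link-encryption\s+(\S+)\s+(\S+)\s+(yes|no)\s*$", re.I)

def defaults(fips):
    """Default table transcribed from the page's FIPS / non-FIPS listings."""
    state = {(a, p): p in ("tls1.3", "tls1.2")
             for a, protos in PROTOCOLS.items() for p in protos}
    if not fips:  # non-FIPS defaults also allow PTLS and unencrypted H.248
        state[("h248reg", "ptls")] = state[("h248reg", "unencrypted")] = True
    return state

def effective_state(config_text, fips=False):
    """Apply set link-encryption lines, in order, on top of the defaults."""
    state, unhandled = defaults(fips), []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        app, proto, value = (g.lower() for g in m.groups())
        proto = proto.replace("tls-", "tls")  # page writes both tls1.2 and tls-1.2
        targets = PROTOCOLS.get(app, [proto]) if proto == "all" else [proto]
        for p in targets:
            # Assumption drawn from the page's note: PTLS cannot be enabled in FIPS mode.
            refused = fips and p == "ptls" and value == "yes"
            if (app, p) in state and not refused:
                state[(app, p)] = value == "yes"
            else:  # unknown keyword (e.g. the generic "tls") or refused PTLS
                unhandled.append(raw.strip())
    return state, unhandled

def audit(config_text, fips=False):
    """Return (enabled settings that the FIPS defaults disable, lines to review)."""
    state, unhandled = effective_state(config_text, fips)
    baseline = defaults(fips=True)
    weak = sorted(k for k, on in state.items() if on and not baseline[k])
    return weak, unhandled

# Constructed sample configuration, not taken from a real gateway.
SAMPLE = """\
set link-encryption h248reg unencrypted no
set link-encryption sla all yes
set link-encryption sla tls1.0 no
set link-encryption syslog tls-1.1 yes
set link-encryption h248reg tls yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty configuration audited in non-FIPS mode still reports h248reg ptls and h248reg unencrypted, because the non-FIPS defaults leave both enabled.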