Media Encryption does not affect most Communication Manager features or adjuncts, except for those listed in Table : 1
Table 1: Media Encryption interactions
Interaction
Description
Service Observing
You can Service Observe a conversation between encrypted endpoints. The conversation remains encrypted to all outside parties except the communicants and the observer.
Voice Messaging
Any call from an encryption-enabled endpoint is decrypted before it is sent to a voice messaging system. When the G4xx Media Gateway and Avaya Aura® Media Server receives the encrypted voice stream, Media Processor decrypts the packets before sending them to the voice messaging system. The voice messaging system then stores the packets in unencrypted mode.
Hairpinning
Hairpinning is not supported when one or both media streams are encrypted, and Communication Manager does not request hairpinning on these encrypted connections.
VPN
Media encryption complements virtual private network (VPN) security mechanisms. Encrypted voice packets can pass through VPN tunnels, essentially double-encrypting the conversation for the VPN leg of the call path.
H.323 trunks
Media Encryption on a call varies based on the following conditions at call set up:
Whether shuffled audio connections are permitted.
Whether the call is an interregion call.
Whether IP trunk calling is encrypted or not.
Whether the IP endpoint supports encryption.
The media encryption setting for the affected IP codec sets.
These conditions also affect the codec set that is available for negotiation each time a call is set up. T.38 packets can be carried on an H.323 trunk that is encrypted. However, the T.38 packet is sent in the clear.
