Ensure that the Media Encryption over IP feature is enabled in the license file.
About this task
Administering SRTP encryption is the same as administering AES and AEA encryption.
Procedure
On the Customer Options form, ensure that the Media Encryption Over IP? field is set to y.
On the IP Media Parameters form, administer the Media Encryption type in the Media Encryption field.
You can use this field to specify a priority listing for one of five available options for the negotiation of encryption.
For two network regions that have different codec sets that are assigned to a third codec set. The settings for media Encryption will then depend on the third codec set.
Administer the ip-network-region form for SIP options.
Use the Allow SIP URI Conversion? field to specify whether a SIP Uniform Resource Identifier (URI) is permitted to change. For example, if sips:// in the URI is changed to sip://, then the call can be less secure. However, changing to a less secure URI can be necessary to complete the call. In the Allow SIP URI Conversion? field, you can enter n to forbid URI conversion. Then calls made from SIP endpoints that support SRTP to other SIP endpoints that do not support SRTP fail. Enter y for converting SIP URIs. The default is y.
Configure an endpoint to use SRTP.
For an endpoint, set SRTP as media encryption and TLS as transport.
To enable the SRTP on an endpoint:
Use 46xxSettings.txt to set MEDIAENCRYPTION 10, 11 (Support 10-srtp-aescm256-hmac80, 11-srtp-aescm256-hmac32 if you want to use AES-256 media encryption)
Use 46xxSettings.txt to set MEDIAENCRYPTION 1, 9 (Support 1-srtp-aescm128-hmac80, 9=none as recommended)
Use 46xxSettings.txt to set SIPSIGNAL 2 (2 to use Transport protocol as TLS)
For more information about administering SRTP, see Media Encryption
