VoIP Security

Last Updated: Jul 16, 2021

Navigation: System Settings > System > VoIP Security

Use these settings to configure system-level media security. They apply to all lines and extensions on which SRTP is supported and which have their Media Security settings configured to be Same as System. Individual lines and extensions have media security settings that can override the system-level settings.

Simultaneous SIP extensions that do not have physical extensions in the configuration use the system security settings.

SM lines and all centralized user extensions must have uniform media security settings.

These settings must be edited offline. To enter offline editing, select Menu Bar Current User Icon > Offline Mode.

Name

Description

Default Extension Password

Default = Extension password set during initial configuration.

This default extension password is automatically assigned to each H.323 and SIP extension entry when they are added to the system configuration. Each extension's password can be changed through the extension's own settings if required.

The extension password is used for registration of IP phones with the system. The password must be 9 to 13 digits. Use the 'eye' icon to see the existing default password.

Media Security

Default = Disabled.

Secure RTP (SRTP) can be used between IP devices to add additional security. These settings control whether SRTP is used for this system and the settings used for the SRTP. The options are:

  • Disabled: Use RTP.

  • Preferred: Attempt to use SRTP. If SRTP call setup is unsuccessful, fall back to RTP.

  • Enforced: Use SRTP. If SRTP call setup is unsuccessful, the call fails.

    • For calls using Dial Emergency, the IP Office will switch to RTP if SRTP call setup fails.

If media security is enabled (Enforced or Preferred), we recommend that you enable a matching level of security using System Settings > System > LAN1 > VoIP > H.323 Signalling over TLS.

The endpoints that support Secure RTP are:

  • IP Office, SIP and SM lines

  • Avaya H.323 extensions: 9608, 9611, 9621, 9641

  • Avaya SIP extensions: 9608, 9611, 9621 and 9641 (in centralized branch deployments), 1100 Series, 1200 Series, B179, E129, H175, J100 Series, K100 Series (Vantage), Scopia XT series

  • 3rd Party SIP extensions that support SRTP

Media Security Options

Not displayed if Media Security is set to Disabled. The options are:

  • Encryptions: Default = RTP

    This setting allows selection of which parts of a media session should be protected using encryption. The default is to encrypt just the RTP stream (the speech).

  • Authentication: Default = RTP and RTCP

    This setting allows selection of which parts of the media session should be protected using authentication.

  • Replay Protection SRTP Window Size: Default = 64. Not adjustable.

  • Crypto Suites: Default = SRTP_AES_CM_128_SHA1_80.

    There is also the option to select SRTP_AES_CM_128_SHA1_32.  
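The following added example (not Avaya code) models the Disabled, Preferred and Enforced outcomes described above by inspecting the far end's SDP, which is also a practical way to audit from a signalling capture whether a call really negotiated SRTP. It assumes SDES keying, that the page's two suites correspond to the RFC 4568 names `AES_CM_128_HMAC_SHA1_80` and `AES_CM_128_HMAC_SHA1_32`, and that the function names and sample SDP are hypothetical.

```python
import re

# SDES crypto-suite names from RFC 4568. Mapping them to the page's
# SRTP_AES_CM_128_SHA1_80 / _32 options is an assumption of this example.
ALLOWED_SUITES = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"}

# Constructed SDP bodies (documentation address, placeholder key material).
SRTP_SDP = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER",
])
RTP_SDP = SRTP_SDP.replace("RTP/SAVP", "RTP/AVP").split("\na=crypto")[0]

def audio_security(sdp):
    """Return (srtp_usable, suites) for the first audio m= section."""
    in_audio, secure, suites = False, False, []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            if in_audio:
                break  # only the first audio section is examined
            fields = line[2:].split()
            in_audio = len(fields) >= 3 and fields[0] == "audio"
            secure = in_audio and fields[2].upper() in ("RTP/SAVP", "RTP/SAVPF")
        elif in_audio and line.startswith("a=crypto:"):
            m = re.match(r"a=crypto:\d+\s+(\S+)\s+inline:", line)
            if m and m.group(1) in ALLOWED_SUITES:
                suites.append(m.group(1))
    # A secure profile with no acceptable suite does not count as SRTP.
    return secure and bool(suites), suites

def call_outcome(mode, peer_sdp, emergency=False):
    """Model the page's Media Security modes for one call."""
    if mode == "Disabled":
        return "RTP"
    srtp_ok, suites = audio_security(peer_sdp)
    if srtp_ok:
        return "SRTP:" + suites[0]
    if mode == "Preferred" or emergency:
        return "RTP"      # fallback, including the Dial Emergency exception
    return "FAILED"       # Enforced and SRTP call setup unsuccessful

if __name__ == "__main__":
    for mode in ("Disabled", "Preferred", "Enforced"):
        print(mode, call_outcome(mode, SRTP_SDP), call_outcome(mode, RTP_SDP))
```

Under Preferred, a plain RTP result is indistinguishable from a stripped SRTP offer, so an audit that needs guaranteed media encryption should treat any `RTP` outcome on a Preferred line as a finding.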

Strict SIPS

Default = Off.

This setting is available in Enterprise Branch deployments only. This option provides a system-wide configuration for call restrictions based on SIPS URI.

When this option is off, calls are not rejected due to SIPS. A call is sent according to the configuration of the outgoing trunk or line that it is routed to, regardless of the way the call came in, even if the call came in as a SIP invite with SIPS URI and is being sent with a SIP URI onto a non-secure SIP trunk.

When this option is on, an incoming SIP invite with a SIPS URI that is targeted to a SIP trunk (SM line or SIP line) is rejected if the target trunk is not configured with SIPS in the URI Type field.

Note:
  • Strict SIPS is not supported with 9600 Series and J100 Series SIP Feature phones.

Calling Number Verification

These settings configure the SIP trunks' use of STIR protocols for calling number verification.

For more details, see SIP Calling Number Verification (STIR/SHAKEN).

Field

Description

Incoming Calls Handling

Default = Allow Not Failed

Sets the defaults for which calls are accepted by the system based on the authentication level of the call. This default can be overridden in the individual line configuration.

  • Allow All - Allow all calls regardless of calling number verification.

  • Allow Validated - Only accept verified calls with full or partial attestation.

  • Allow Not Failed - Accept all calls except those that specifically failed verification. Note that this can include calls with no reported verification result.

Validation Presentation

Default = Off

If enabled, the system will prefix the caller ID information displayed on phones with a character indicating the call's validation result. This will be:

  • A tick mark for full verification.

  • A question mark for partial verification.

  • A cross for authentication failed.

When enabled, the system will also inspect the display information on all received trunk calls to ensure they do not start with these characters in order to avoid spoofing.
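The following added example (not Avaya code) models how the Incoming Calls Handling policy and Validation Presentation combine, including the case of a caller who places a tick in their own display name. The exact indicator code points, the space after the indicator, the choice to strip spoofed leading characters, and all function names are assumptions; the page states only that the display information is inspected.

```python
# Indicator characters are assumed: the page says tick, question mark and
# cross but does not give the exact code points.
INDICATOR = {"full": "\u2713", "partial": "?", "failed": "\u2717"}
POLICIES = ("Allow All", "Allow Validated", "Allow Not Failed")

def accept_call(policy, result):
    """result is 'full', 'partial', 'failed' or None (nothing reported)."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % (policy,))
    if policy == "Allow All":
        return True
    if policy == "Allow Validated":
        return result in ("full", "partial")
    return result != "failed"  # Allow Not Failed: None is still accepted

def sanitize_display(name):
    """Remove leading indicator characters supplied by the caller
    (assumed handling; the page only says the display is inspected)."""
    return name.lstrip("".join(INDICATOR.values()) + " ")

def present(policy, result, display, presentation=True):
    """Return the caller ID text shown on the phone, or None if rejected."""
    if not accept_call(policy, result):
        return None
    if not presentation:
        return display
    clean = sanitize_display(display)
    mark = INDICATOR.get(result)
    return f"{mark} {clean}" if mark else clean

if __name__ == "__main__":
    # Constructed calls: (verification result, display name from the trunk).
    calls = [("full", "Alice"), ("partial", "Bob"), ("failed", "Mallory"),
             (None, "\u2713 Example Bank")]  # unverified call faking a tick
    for policy in POLICIES:
        print(policy, [present(policy, r, d) for r, d in calls])
```

With the default Allow Not Failed, the unverified "Example Bank" call is still delivered, which is why removing the caller-supplied tick matters: without it the phone would show a verification mark the system never issued.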