Avaya Support Forums  

  #1  
Old 05-14-2014, 03:26 AM
patdunne
Encryption on SIP trunk to 3rd party peer

Having an issue enabling encryption on a SIP trunk to an IVR with Asterisk telephony services at the front end. We have the control channel successfully encrypted but cannot get the Bearer (media) channel encrypted - see below.

SRTP and SRTCP packet payloads are encrypted by default. The UNENCRYPTED_SRTCP and UNENCRYPTED_SRTP session parameters modify the default behavior of the crypto-suites with which they are used:

* UNENCRYPTED_SRTCP signals that the SRTCP packet payloads are not encrypted.
* UNENCRYPTED_SRTP signals that the SRTP packet payloads are not encrypted.

In the offer/answer model, these parameters are negotiated. If UNENCRYPTED_SRTCP is signaled for the session, then the SRTCP E bit MUST be clear (0) in all SRTCP messages. If the default is used, all SRTCP messages are encrypted, and the E bit MUST be set (1) on all SRTCP messages.

The problem is that the Avaya SIP component does not support encrypted SRTCP. It is the offerer in the scenario above, and it is setting the parameter in the INVITE and there is no way to stop it, so the implication is that it cannot support it. RFC4568, however, says that SRTCP payloads are encrypted by default, making the Avaya the exception by not supporting encrypted SRTCP.
All help greatly appreciated.
  #2  
Old 06-12-2014, 02:32 AM
vchitramohan

Avaya design documentation says the following:

Avaya endpoints which cannot support secure RTCP must properly negotiate it out in the answer using rules from RFC3264 and RFC4568. This is achieved by adding the UNENCRYPTED_SRTCP parameter to the offer or answer. UNENCRYPTED_SRTCP is a negotiated parameter per RFC4568. Rules for this negotiation are as follows:

Offerer:
* Media aware network elements that support encrypted SRTCP generate offers without the UNENCRYPTED_SRTCP parameter.
* Media aware network elements that do not support encrypted SRTCP generate offers with the UNENCRYPTED_SRTCP parameter.

Answerer:
* Media aware network elements that support encrypted SRTCP and receive offers with the UNENCRYPTED_SRTCP parameter, echo the UNENCRYPTED_SRTCP parameter in the answer on the chosen crypto set. Unencrypted SRTCP is used in both directions.
* Media aware network elements that support encrypted SRTCP and receive offers without the UNENCRYPTED_SRTCP parameter, use encrypted SRTCP in both directions.
* Media aware network elements that do not support encrypted SRTCP and receive offers with the UNENCRYPTED_SRTCP parameter, echo the UNENCRYPTED_SRTCP parameter in the answer on the chosen crypto set. Unencrypted SRTCP is used in both directions.
* Media aware network elements that do not support encrypted SRTCP and receive offers without the UNENCRYPTED_SRTCP parameter, add the UNENCRYPTED_SRTCP parameter in the answer on the chosen crypto set. Unencrypted SRTCP is used in both directions.
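
The answerer rules quoted in the post above, as an added example (not code from the thread, from Avaya or from Asterisk): it builds the answer's `a=crypto` line under those four rules and lists the crypto tags in an SDP body that negotiate SRTCP in the clear. The function names, the sample SDP bodies and the placeholder key are constructed for illustration.

```python
import re

# RFC 4568 attribute: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
FLAG = "UNENCRYPTED_SRTCP"
SUITES = {"AES_CM_128_HMAC_SHA1_80"}   # suites the local endpoint accepts (assumption)
KEY = "inline:" + "A" * 40             # constructed placeholder, not a real key

def parse_crypto(sdp):
    """Return (tag, suite, key_params, [session_params]) for each a=crypto line."""
    found = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3),
                          (m.group(4) or "").split()))
    return found

def answer_crypto(offer_sdp, local_key, supports_encrypted_srtcp, suites=SUITES):
    """Build the answer crypto line per the quoted answerer rules.

    Returns (answer_line, srtcp_encrypted), or (None, None) when no offered
    suite is acceptable.
    """
    for tag, suite, _offer_key, params in parse_crypto(offer_sdp):
        if suite not in suites:
            continue
        # Echo the flag when it was offered; add it when we cannot encrypt
        # SRTCP ourselves; otherwise SRTCP stays encrypted in both directions.
        clear = FLAG in params or not supports_encrypted_srtcp
        line = f"a=crypto:{tag} {suite} {local_key}"
        if clear:
            line += " " + FLAG
        return line, not clear
    return None, None

def clear_srtcp_tags(sdp):
    """Audit helper: crypto tags whose session parameters disable SRTCP encryption."""
    return [tag for tag, _s, _k, params in parse_crypto(sdp) if FLAG in params]

# Constructed sample offers: one as the Avaya side is described sending it,
# one from a peer that leaves SRTCP at its encrypted default.
OFFER_CLEAR = "\r\n".join([
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 {KEY} {FLAG}",
])
OFFER_ENCRYPTED = OFFER_CLEAR.replace(" " + FLAG, "")
```

Running `clear_srtcp_tags` over captured INVITE and 200 OK bodies shows which legs of a trunk carry RTCP reports unencrypted even though the media payload is protected.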
All times are GMT -7.
