Installation guide
26/1531-ANF 901 14 Uen E10 2014-01-22 77
19 Security
This section describes the encrypted configuration files, SIP signaling
with TLS and media with SRTP.
19.1 Encrypted Configuration Files
The aastra.cfg, <model>.cfg and <MAC>.cfg files can be encrypted
and downloaded to the phone from the software server over HTTP or
HTTPS. Aastra provides a tool for Windows and Linux, called anacrypt,
to encrypt the configuration files. Use the following procedure:
1. Create the file security.tuz with the encrypted site key:
    anacrypt -i -p <shared_password>
2. Encrypt the aastra.cfg file:
    anacrypt aastra.cfg -p <shared_password>
3. Encrypt the <model>.cfg file:
    anacrypt <model>.cfg -p <shared_password>
4. If MAC configuration files are used, encrypt the <MAC>.cfg file:
    anacrypt <mac>.cfg -m -p <shared_password>
   To encrypt all MAC configuration files in a directory:
    anacrypt <mac>.cfg -d <dir> -m -p <shared_password>
5. Store security.tuz, aastra.tuz and <mac>.tuz on the software server.
   Reboot the telephones.
The shared password can be 4-32 alphanumeric characters.
The anacrypt tool can be downloaded from www.aastra.com.
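A pre-publish check for the procedure above, as an added example (not part of the Aastra guide or the anacrypt tool): it validates the shared password against the 4-32 alphanumeric rule, runs steps 1 to 3, and inspects the staging directory before step 5. The function names, the staging directory, and the rule that no plaintext .cfg file is published beside the .tuz files are assumptions; MAC files (step 4) are left out.

```shell
#!/bin/sh
# Added example, not Aastra's code. Function names, the staging-directory
# layout and the "no plaintext .cfg" policy are assumptions.
LC_ALL=C; export LC_ALL   # byte-wise ranges: [A-Za-z0-9] is ASCII only

# Guide: the shared password is 4-32 alphanumeric characters.
valid_shared_password() {
    case $1 in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 4 ] && [ "${#1}" -le 32 ]
}

# Steps 1-3 of the guide, run inside a work directory holding the .cfg
# files. anacrypt takes the password as an argument, so it is visible in
# the local process list while the tool runs.
encrypt_site() {
    work=$1 pw=$2 model=$3
    valid_shared_password "$pw" || { echo "bad shared password" >&2; return 2; }
    (
        cd "$work" || exit 1
        anacrypt -i -p "$pw" &&
        anacrypt aastra.cfg -p "$pw" &&
        anacrypt "$model.cfg" -p "$pw"
    )
}

# Step 5 pre-publish check: report problems in the directory that will be
# copied to the software server; non-zero status if any were found.
check_staging_dir() {
    dir=$1 rc=0
    for f in security.tuz aastra.tuz; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f"; rc=1; }
    done
    for f in "$dir"/*.cfg; do
        [ -e "$f" ] || continue
        echo "plaintext config present: ${f##*/}"; rc=1
    done
    return "$rc"
}
```

The password check runs before anacrypt is invoked, so a rejected password never reaches a command line.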
19.2 TLS
IP Phones support a transport protocol called Transport Layer Security
(TLS). TLS is a protocol that ensures communication privacy between
the SIP phones and the Internet. TLS ensures that no third party may
eavesdrop or tamper with any message. Persistent TLS is the only mode
supported by MX-ONE. If Ingate is the access for the phone, both
persistent mutual TLS and persistent TLS are supported. Persistent TLS