User`s manual
Table Of Contents
- Mediant 2000 & TP-1610 & TP-260/UNI SIP User’s Manual Version 5.0
- Table of Contents
- List of Figures
- List of Tables
- Notices
- 1. Overview
- 2. Physical Description
- 3. Installation
- 4. Getting Started
- 5. Web Management
- Computer Requirements
- Protection and Security Mechanisms
- Accessing the Embedded Web Server
- Getting Acquainted with the Web Interface
- Protocol Management
- Advanced Configuration
- Status & Diagnostic
- Software Update Menu
- Maintenance
- Logging Off the Embedded Web Server
- 6. Gateway's ini File Configuration
- Secured ini File
- Modifying an ini File
- The ini File Content
- The ini File Structure
- The ini File Example
- Networking Parameters
- System Parameters
- Web and Telnet Parameters
- Security Parameters
- RADIUS Parameters
- SNMP Parameters
- SIP Configuration Parameters
- Voice Mail Parameters
- ISDN and CAS Interworking-Related Parameters
- Number Manipulation and Routing Parameters
- E1/T1 Configuration Parameters
- Channel Parameters
- Configuration Files Parameters
- 7. Using BootP / DHCP
- 8. Telephony Capabilities
- Working with Supplementary Services
- Configuring the DTMF Transport Types
- Fax & Modem Transport Modes
- Event Notification using X-Detect Header
- ThroughPacket™
- Dynamic Jitter Buffer Operation
- Configuring the Gateway’s Alternative Routing (based on Conn
- Call Detail Report
- Supported RADIUS Attributes
- Trunk to Trunk Routing Example
- Proxy or Registrar Registration Example
- SIP Call Flow Example
- SIP Authentication Example
- 9. Networking Capabilities
- 10. Advanced PSTN Configuration
- 11. Advanced System Capabilities
- 12. Special Applications
- 13. Security
- 14. Diagnostics
- 15. SNMP-Based Management
- SNMP Standards and Objects
- Carrier Grade Alarm System
- Cold Start Trap
- Third-Party Performance Monitoring Measurements
- TrunkPack-VoP Series Supported MIBs
- Traps
- SNMP Interface Details
- SNMP Manager Backward Compatibility
- Dual Module Interface
- SNMP NAT Traversal
- SNMP Administrative State Control
- AudioCodes’ Element Management System
- 16. Configuration Files
- Appendix A. Selected Technical Specifications
- Appendix B. Supplied SIP Software Kit
- Appendix C. SIP Compliance Tables
- Appendix D. The BootP/TFTP Configuration Utility
- Appendix E. RTP/RTCP Payload Types and Port Allocation
- Appendix F. RTP Control Protocol Extended Reports (RTCP-XR)
- Appendix G. Accessory Programs and Tools
- Appendix H. Release Reason Mapping
- Appendix I. SNMP Traps
- Appendix J. Installation and Configuration of Apache HTTP Server
- Appendix K. Regulatory Information
Mediant 2000 & TP-1610 & TP-260
SIP User's Manual 294 Document #: LTRT-68805
When a user connects to the secure Web server:
If the user has a client certificate from a CA listed in the Trusted Root Certificate file,
the connection is accepted and the user is prompted for the system password.
If both the CA certificate and the client certificate appear in the Trusted Root
Certificate file, the user is not prompted for a password (thus providing a single-sign-
on experience - the authentication is performed using the X.509 digital signature).
If the user doesn’t have a client certificate from a listed CA, or doesn’t have a client
certificate at all, the connection is rejected.
Notes:
• The process of installing a client certificate on your PC is beyond the
scope of this document. For more information, refer to your Web browser
or operating system documentation, and/or consult your security
administrator.
• The root certificate can also be loaded via ini file using the parameter
‘HTTPSRootFileName’.
13.3 SRTP
The gateway supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to
encrypt RTP and RTCP transport since it is best-suited for protecting VoIP traffic.
SRTP requires a Key Exchange mechanism that is performed according to <draft-ietf-
mmusic-sdescriptions-12>. The Key Exchange is executed by adding a ‘Crypto’ attribute to
the SDP. This attribute is used (by both sides) to declare the various supported cipher
suites and to attach the encryption key to use. If negotiation of the encryption data is
successful, the call is established.
Use the parameter MediaSecurityBehaviour (described in Section
6.9 on page 145) to
select the gateway’s mode of operation: Must or Prefer. These modes determine the
behavior of the gateway if negotiation of the cipher suite fails.
Must = the call is terminated. Incoming calls that don’t include encryption information
are rejected.
Prefer = an unencrypted call is established. Incoming calls that don’t include
encryption information are accepted.
To enable SRTP set the parameter EnableMediaSecurity to 1 (described in Section
6.9 on
page 145).
Notes:
• When SRTP is used the channel capacity is reduced (refer to the
parameter EnableMediaSecurity).
• The gateway only supports the AES 128 in CM mode cipher suite.
Figure 13-11: Example of crypto Attributes Usage
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd