Maintenance Manual

ManualsBrandsCisco Manualsvideo conferencing systemsCisco TelePresence MCU 4520

161

162

163

164

165

166

167

168

169

170

Encryption

status

Whether the MCU is able to use

encryption or not.

When encryption status is Enabled, the MCU advertises itself

as being able to use encryption and will use encryption if

required to do so by an endpoint. If this setting is Enabled, you

can enable or disable the use of encryption on a per-

conference basis.

If this setting is Disabled, no conference will be able to use

encryption.

SRTP

encryption

Select the setting for media

encryption for SIP calls:

■ All transports: If encryption is

used for a call, the media will

be encrypted using SRTP

regardless of transport

mechanism used for call

control messages.

■ Secure transports (TLS) only:

If encryption is used for a call,

the media will only be

encrypted in calls that are set

up using TLS.

■ Disabled: SRTP will not be

used for any calls. The MCU

will not encrypt media for SIP

calls.

For more information refer to Using encryption with SIP, below.

When disabled, the MCU will not advertise that it is able to

encrypt using SRTP. It is only necessary to disable SRTP if it is

causing problems.

Using Encryption with SIP

The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and video media are

encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default mechanism for

exchanging keys is Session Description Protocol Security Description (SDES). SDES exchanges keys in clear text, so

it is a good idea to use SRTP in conjunction with a secure transport for call control messages. You can configure the

MCU to also use Transport Layer Security (TLS) which is a secure transport mechanism that can be used for SIP call

control messages.

Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can participate in a

conference which requires encryption. Where encryption is required in the conference configuration, a SIP call must

use SRTP.

To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS:

1. You must have the encryption feature key installed on your MCU.

2. Go to Settings > Encryption and set:

— Encryption status to Enabled.

— SRTP encryption to Secure transports (TLS) only.

3. Go to Settings > SIP and set Outgoing transport to TLS. To allow the MCU to accept incoming calls that use

TLS, go to Network > Services and ensure that Encrypted SIP (TLS) is selected.

Note: It is possible to make encryption the default on newly created conferences by setting the Encryption field on

the conference template settings to Required. Go to Conferences > Templates.

166

Cisco TelePresence MCU Series Online Printable Help