• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

 

Polycom Phones support secure RTP

 

This encrypts the RTP audio stream. This does not encrypt the SIP signalling and this is explained => here <=

 

  • Note: Below example has been tested using Polycom UCS 4.0.2 and Asterisk 1.8!
  • Note: Phones sold in Russia aka with a part number ending in -114 cannot use SRTP!

 

Pre-requisite:

 

On Asterisk set the peer settings within the sip.conf to:

 

..
encryption=yes
..

 

Note: Please liaise with Digium support on more details on this!

 

On the Poly phone, you need to configure the SRTP offer either on a per line bases via:

 

reg.1.srtp.offer="1"

 Above offers SRTP on the registration 1

 

or

 

sec.srtp.offer="1"

 Above offers SRTP on all registrations.

 

Both sec.srtp.require="1" or reg.x.srtp.require="1" can be used to make this mandatory but this may cause issues with non SRTP calls.

 

image

 

Note: For more details or additional settings please consult your UCS admin guide or contact your Polycom reseller!

 

Wireshark Trace example:

 

image

 

Above shows the original SIP invite in non-secure signalling and the SRTP audio stream.

 

image

Phone Log:

 

image

 

0530172346|sip  |0|00|    INVITE sip:10.252.149.53 SIP/2.0
0530172346|sip  |0|00|    Via: SIP/2.0/UDP 10.252.149.51;branch=z9hG4bKc4b46dc36F0369D0
0530172346|sip  |0|00|    From: "3395" <sip:3395@10.252.149.122>;tag=8535E755-271B5D8A
0530172346|sip  |0|00|    To: <sip:10.252.149.53>
0530172346|sip  |0|00|    CSeq: 1 INVITE
0530172346|sip  |0|00|    Call-ID: 910d4b8afc81e6b9d38802348703010a
0530172346|sip  |0|00|    Contact: <sip:3395@10.252.149.51>
0530172346|sip  |0|00|    Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
0530172346|sip  |0|00|    User-Agent: PolycomVVX-VVX_601-UA/5.7.2.1277
0530172346|sip  |0|00|    Accept-Language: en
0530172346|sip  |0|00|    Supported: replaces,100rel
0530172346|sip  |0|00|    Allow-Events: conference,talk,hold
0530172346|sip  |0|00|    Max-Forwards: 70
0530172346|sip  |0|00|    Content-Type: application/sdp
0530172346|sip  |0|00|    Content-Length: 1282
0530172346|sip  |0|00|    
0530172346|sip  |0|00|    v=0
0530172346|sip  |0|00|    o=- 1527697426 1527697426 IN IP4 10.252.149.51
0530172346|sip  |0|00|    s=Polycom IP Phone
0530172346|sip  |0|00|    c=IN IP4 10.252.149.51
0530172346|sip  |0|00|    b=AS:512
0530172346|sip  |0|00|    t=0 0
0530172346|sip  |0|00|    a=sendrecv
0530172346|sip  |0|00|    m=audio 2266 RTP/SAVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=crystals:5 AES_CM_128_HMAC_SHA1_80 inline:1TjMrZbt/ThxhrkFZOB33CYhnfHEtf0IvDIIKFgF
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=audio 2266 RTP/AVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=video 2268 RTP/SAVP 109 34
0530172346|sip  |0|00|    a=crypto:6 AES_CM_128_HMAC_SHA1_80 inline:248U4vJx6go6VeoVG8ZwST2d52bMLbknufCFDVcd
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1
0530172346|sip  |0|00|    m=video 2268 RTP/AVP 109 34
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1

 

Above shows the SRTP media Attribute from the SIP INVITE.

 

The Secure status of the call is symbolized on the phone with a scrolling lock icon:

 

image

 

or

 

image

or

 image

or

image

 

image

 

 

 

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.