[FAQ] How can I setup SRTP / Secure RTP?

SteffenBaierUK
Polycom Employee & Community Manager

 

Polycom phones support Secure RTP (SRTP).

This encrypts the RTP audio stream. It does not encrypt the SIP signalling, which is explained => here <=

 

  • Note: The example below has been tested using Polycom UCS 4.0.2 and Asterisk 1.8!
  • Note: Phones sold in Russia, i.e. with a part number ending in -114, cannot use SRTP!

 

Pre-requisite:

 

On Asterisk set the peer settings within the sip.conf to:

 

..
encryption=yes
..

 

Note: Please liaise with Digium support for more details on this!

 

On the Poly phone, you need to configure the SRTP offer either on a per-line basis via:

 

reg.1.srtp.offer="1"

 The above offers SRTP on registration 1.

 

or

 

sec.srtp.offer="1"

 The above offers SRTP on all registrations.

 

Either sec.srtp.require="1" or reg.x.srtp.require="1" can be used to make this mandatory, but this may cause issues with non-SRTP calls.

 

SRTP_01.png

 

Note: For more details or additional settings please consult your UCS admin guide or contact your Polycom reseller!

 

Wireshark Trace example:

 

SIP_and_SRTP.PNG

 

The above shows the original SIP INVITE in non-secure signalling and the SRTP audio stream.

 

SIP_and_SRTP_02.PNG

Phone Log:

 

SIP_Debug_Overall_Debug_LogSize_1000.png

 

0530172346|sip  |0|00|    INVITE sip:10.252.149.53 SIP/2.0
0530172346|sip  |0|00|    Via: SIP/2.0/UDP 10.252.149.51;branch=z9hG4bKc4b46dc36F0369D0
0530172346|sip  |0|00|    From: "3395" <sip:3395@10.252.149.122>;tag=8535E755-271B5D8A
0530172346|sip  |0|00|    To: <sip:10.252.149.53>
0530172346|sip  |0|00|    CSeq: 1 INVITE
0530172346|sip  |0|00|    Call-ID: 910d4b8afc81e6b9d38802348703010a
0530172346|sip  |0|00|    Contact: <sip:3395@10.252.149.51>
0530172346|sip  |0|00|    Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
0530172346|sip  |0|00|    User-Agent: PolycomVVX-VVX_601-UA/5.7.2.1277
0530172346|sip  |0|00|    Accept-Language: en
0530172346|sip  |0|00|    Supported: replaces,100rel
0530172346|sip  |0|00|    Allow-Events: conference,talk,hold
0530172346|sip  |0|00|    Max-Forwards: 70
0530172346|sip  |0|00|    Content-Type: application/sdp
0530172346|sip  |0|00|    Content-Length: 1282
0530172346|sip  |0|00|    
0530172346|sip  |0|00|    v=0
0530172346|sip  |0|00|    o=- 1527697426 1527697426 IN IP4 10.252.149.51
0530172346|sip  |0|00|    s=Polycom IP Phone
0530172346|sip  |0|00|    c=IN IP4 10.252.149.51
0530172346|sip  |0|00|    b=AS:512
0530172346|sip  |0|00|    t=0 0
0530172346|sip  |0|00|    a=sendrecv
0530172346|sip  |0|00|    m=audio 2266 RTP/SAVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:1TjMrZbt/ThxhrkFZOB33CYhnfHEtf0IvDIIKFgF
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=audio 2266 RTP/AVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=video 2268 RTP/SAVP 109 34
0530172346|sip  |0|00|    a=crypto:6 AES_CM_128_HMAC_SHA1_80 inline:248U4vJx6go6VeoVG8ZwST2d52bMLbknufCFDVcd
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1
0530172346|sip  |0|00|    m=video 2268 RTP/AVP 109 34
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1

 

The above shows the SRTP media attribute from the SIP INVITE.

The secure status of the call is symbolized on the phone with a scrolling lock icon:

 

SRTP.png

 

or

 

IP7000_SRTP.jpg

or

 SRTP_VVX.png

or

VVX601_SRTP.png

 

VVX_SRTP_Calling.png

 

 

 

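A way to check a phone log like the one in the post for what was actually offered, as an added example that is not part of the original post and not Poly or Digium code: it reads the SDP of one logged INVITE and reports, per media type, whether an RTP/SAVP line with an a=crypto suite is present, whether a plain RTP/AVP alternative is still offered next to it, and whether the inline SRTP key travelled over non-TLS SIP signalling. The function name audit_invite and the sample log (documentation addresses, dummy key) are constructed for illustration.

```python
import re

# Constructed sample in the phone-log format shown in the post (dummy key, example IPs).
SAMPLE_LOG = """\
0530172346|sip  |0|00|    INVITE sip:192.0.2.10 SIP/2.0
0530172346|sip  |0|00|    Via: SIP/2.0/UDP 192.0.2.20;branch=z9hG4bKexample
0530172346|sip  |0|00|
0530172346|sip  |0|00|    v=0
0530172346|sip  |0|00|    m=audio 2266 RTP/SAVP 9 0 8
0530172346|sip  |0|00|    a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDDUMMYKEYCONSTRUCTEDDUMMYKEY00
0530172346|sip  |0|00|    m=audio 2266 RTP/AVP 9 0 8
0530172346|sip  |0|00|    m=video 2268 RTP/AVP 109 34
"""

def audit_invite(log_text):
    """Summarise the SRTP offer found in one logged SIP INVITE."""
    # Drop the "time|sip|n|nn|" prefix the phone writes in front of every line.
    lines = [l.split("|", 4)[-1].strip() for l in log_text.splitlines()]
    transport, media = None, []
    for line in lines:
        via = re.match(r"Via:\s*SIP/2\.0/(\w+)", line, re.I)
        if via and transport is None:
            transport = via.group(1).upper()      # top-most Via = first hop
        m = re.match(r"m=(\w+) (\d+) (\S+)", line)
        if m:
            media.append({"kind": m.group(1), "proto": m.group(3), "suites": []})
        c = re.match(r"a=crypto:\d+ (\S+) inline:", line)
        if c and media:
            media[-1]["suites"].append(c.group(1))  # belongs to the preceding m= line
    report = {"transport": transport, "kinds": {}}
    for kind in {m["kind"] for m in media}:
        same = [m for m in media if m["kind"] == kind]
        secure = [m for m in same if m["proto"] == "RTP/SAVP" and m["suites"]]
        report["kinds"][kind] = {
            "srtp_offered": bool(secure),
            "suites": sorted({s for m in secure for s in m["suites"]}),
            "plain_fallback": any(m["proto"] == "RTP/AVP" for m in same),
        }
    # The inline key is part of the SDP body, so it is readable unless SIP uses TLS.
    report["keys_in_cleartext_signalling"] = (
        transport != "TLS" and any(k["srtp_offered"] for k in report["kinds"].values()))
    return report

if __name__ == "__main__":
    print(audit_invite(SAMPLE_LOG))
```

A result with plain_fallback set means the far end can still answer with unencrypted RTP, and keys_in_cleartext_signalling set means the media is only as private as the network path the SIP messages take.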