<!DOCTYPE html
SYSTEM "about:legacy-compat">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="copyright" content="(C) Copyright 2023"><meta name="DC.rights.owner" content="(C) Copyright 2023"><meta name="DC.type" content="concept"><meta name="description" content="Secure Real-time Transport Protocol (SRTP) is a profile of Real-time Transport Protocol (RTP) that provides encryption, message authentication, and replay attack protection."><meta name="prodname" content="All Mediatrix units"><meta name="version" content="DGW 49.12.28842941"><meta name="platform" content="all"><meta name="DC.date.modified" content="2023-0308-2809"><meta name="DC.date.issued" content="2023-0308-2809"><meta name="DC.date.available" content="2023-0308-2809"><meta name="ChapterNumbering" content="no"><meta name="DC.format" content="HTML5"><meta name="DC.identifier" content="concept_asw_vj3_sgb"><link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/62825785/commonltr.css"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/62825785/custom.css"><title>Setting the Security Parameters of the RTP Stream</title></head><body><header role="banner"><div class="topicmeta title">Setting the Security Parameters of the RTP Stream</div><div class="topicmeta date">2023-0308-28<09</div><div class="topicmeta product">All Mediatrix units</div><div class="topicmeta version">DGW 49.12.2884<2941</div><div class="topicmeta pdf"><a href="https://documentation.media5corp.com/download/attachments/62825785/Setting%20the%20Security%20Parameters%20of%20the%20RTP%20Stream.pdf" rel="nofollow">Download PDF Document</a></div><hr><span style="float: inline-end;"></span></header><nav role="toc"><ul><li><a href="#concept_asw_vj3_sgb">Secure Real-Time Transport Protocol</a></li><li><a href="#topic_title_Basic_Tasks_d1e16">Basic Tasks</a><ul><li><a href="#task_tqz_gct_ls">Enabling Secure Media (SRTP) on All Endpoints</a></li><li><a href="#unique_7078839151149848915">Enabling Secure Media (SRTP) on a Specific Endpoint</a></li><li><a href="#task_g5h_zmt_lt">Allowing Unsecure T.38 with Secure RTP</a></li><li><a href="#task_nng_5nl_fhb">Modifying the SRTP Basic Port</a></li></ul></li><li><a href="#reference_h3d_yvp_mcb">Advanced RTP Parameters</a><ul><li><a href="#concept_kzc_x5h_npb">Advanced SRTP Preferences Configuration for the Mediatrix Gateways</a></li><li><a href="#reference_fmk_ynh_npb">Recommended SRTP Preferences for a Typical VoIP Network</a></li><li><a href="#unique_211386101942272486">Recommended SRTP Preferences for Cisco BroadWorks and BroadCloud</a></li><li><a href="#unique_1145875835984375142">Recommended SRTP Preferences for Microsoft Teams</a></li><li><a href="#unique_18526832391837503228">Recommended SRTP Preferences for Oracle SBC</a></li></ul></li><li><a href="#reference_j4g_nbv_gfb">Online Help</a></li><li><a href="#concept_v4k_q3h_1r">DGW Documentation</a></li><li><a href="#concept_fqm_rv4_k4">Copyright Notice</a></li></ul></nav><main role="main"><article role="article" aria-labelledby="ariaid-title1"><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="nested0" aria-labelledby="ariaid-title1" id="concept_asw_vj3_sgb">
<h1 class="title topictitle1" id="ariaid-title1">Secure Real-Time Transport Protocol</h1>
<div class="body conbody"><p class="shortdesc">Secure Real-time Transport Protocol (SRTP) is a profile of Real-time Transport Protocol
(RTP) that provides encryption, message authentication, and replay attack protection. </p>
<p class="p"> SRTP can be enabled on all Mediatrix unit endpoints, or on one or more specific endpoints.
However, SRTP encryption and authentication requires more processing therefore, if SRTP is
enabled, the number of calls that the Mediatrix unit can handle simultaneously may be reduced,
depending of the enabled codecs . (For more details on resources limitations with SRTP and
conferences, refer to the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Limitations+of+DGW+Platforms" target="_blank">DGW Configuration Guide - Limitations of DGW Platforms</a>
document published on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation Portal</a>). </p>
<p class="p">To reduce the impact on the number of simultaneous calls a Mediatrix unit can handle, is it
possible to disable all voice or data codec, including the T.38 protocol, and keep only the
G.711 voice codec enabled. </p>
<div class="note important note_important"><span class="note__title">IMPORTANT:</span> If Secure RTP (SRTP) is enabled on at least one line, it is acceptable to
have the secure SIP transport (TLS) disabled for testing purposes. However, this configuration
must never be used in a production environment, since an attacker could easily break it. Enabling
TLS for SIP Transport is strongly recommended and is usually mandatory for security
interoperability with third-party equipments.</div>
<p class="p">The Mediatrix unit supports the MIKEY protocol using pre-shared keys (MIKEY-PS as per RFC 3830)
or the SDES protocol for negotiating SRTP keys </p>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic nested0 nobody" aria-labelledby="ariaid-title2" id="topic_title_Basic_Tasks_d1e16">
<h1 class="title topictitle1" id="ariaid-title2">Basic Tasks</h1>
<article class="topic task nested1" aria-labelledby="ariaid-title3" id="task_tqz_gct_ls">
<h2 class="title topictitle2" id="ariaid-title3">Enabling Secure Media (SRTP) on All Endpoints</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>Encrypted/secure signaling must be configured.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Security</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Select Endpoint</span> selection list, choose <span class="keyword wintitle">Default</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Security</span> table,</span>
<ol type="a" class="ol substeps" id="task_tqz_gct_ls__substeps_ct1_kpj_lpb">
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Mode</span> drop box, select <span class="keyword wintitle">Secure</span> or <span class="keyword wintitle">Secure with fallback</span>.</span>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Key Management Protocol</span> drop box, select the protocol.</span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> Enabling <span class="keyword wintitle">SDES</span> instead of
<span class="keyword wintitle">MIKEY</span>
will make the SIP INVITEs slightly different. Choosing the <span class="keyword wintitle">SDES</span> protocol
will add the <samp class="ph msgph">a=crypto</samp> line within the SDP Media
Attributes while choosing the <span class="keyword wintitle">MIKEY</span> protocol
will add the <samp class="ph msgph">a=key-mgmt:mikey</samp> line within the SDP
Session Attributes.</div>
</div>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the drop box,
select the <var class="keyword varname">AES_CM_128</var> encryption algorithm.</span>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> selection, choose if unsecure <span class="ph uicontrol">T.38</span> is allowed with
RTP.</span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> <span class="ph uicontrol">T.38</span>
packets will never be encrypted. The setting <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> will make possible to use <span class="ph uicontrol">T.38</span>, otherwise
it will be rejected. If not using <span class="ph uicontrol">T.38</span> for faxing,
to avoid an impact on the number of simultaneous calls a Mediatrix
unit can handle in SRTP, set the <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> parameter to <span class="keyword wintitle">No</span> and refer to
the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Standard+Fax+Configuration" target="_blank">Standard Fax Configuration</a>
document to disable <span class="ph uicontrol">T.38</span> Fax
Transmission.</div>
</div>
</li>
</ol>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">SRTP Preferences</span> table,</span>
<ol type="a" class="ol substeps" id="task_tqz_gct_ls__substeps_sg1_1qj_lpb">
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Mode When Sending Offer</span> drop
box, select the preferred mode.</span></li>
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Mode When Sending Answer</span>
drop box, select the preferred mode.</span></li>
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Context Behavior</span> drop
box, select the preferred behavior.</span></li>
</ol>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For more information about the recommended <span class="keyword wintitle">SRTP Preferences</span>, please refer
to <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Setting+the+Security+Parameters+of+the+RTP+Stream#reference_fmk_ynh_npb" target="_blank">Recommended SRTP Preferences for a Typical VoIP Network</a> section of the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Setting+the+Security+Parameters+of+the+RTP+Stream" target="_blank">Setting the Security Parameters of the RTP Stream</a> document.</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For troubleshooting the SRTP interoperability, please refer to the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/SRTP+Troubleshooting" target="_blank">SRTP Troubleshooting</a> document.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<p class="p">All new SIP exchanges will contain RTP/SAVP negotiation elements.</p>
<br><img class="image" id="task_tqz_gct_ls__image_pcj_vkf_ms" src="https://documentation.media5corp.com/download/attachments/62825785/Security_endpointDefault.png"><br>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title4" id="unique_7078839151149848915">
<h2 class="title topictitle2" id="ariaid-title4">Enabling Secure Media (SRTP) on a Specific Endpoint</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>Encrypted/secure signaling must be configured.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Security</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Select Endpoint</span> selection list, choose an endpoint. </span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> The list of available endpoints will vary depending on the type of unit
being used.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Security</span>
table, from the <span class="keyword wintitle">Mode</span>
drop box, select <span class="keyword wintitle">Secure</span> or <span class="keyword wintitle">Secure with fallback</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Key Management Protocol</span> drop
box, select the protocol. </span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> Enabling <span class="keyword wintitle">SDES</span>
instead of <span class="keyword wintitle">MIKEY</span>
will make the SIP INVITEs slightly different. Choosing the <span class="keyword wintitle">SDES</span> protocol will add
the <samp class="ph msgph">a=crypto</samp> line within the SDP Media Attributes while
choosing the <span class="keyword wintitle">MIKEY</span>
protocol will add the <samp class="ph msgph">a=key-mgmt:mikey</samp> line within the SDP
Session Attributes.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">From the
drop box, select the <var class="keyword varname">AES_CM_128</var> encryption algorithm.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<p class="p">All new SIP exchanges going through the specified endpoint will contain RTP/SAVP negotiation elements.</p>
<br><img class="image" id="unique_7078839151149848915__image_ppc_gnl_fhb" src="https://documentation.media5corp.com/download/attachments/62825785/Security_endpointSpecific.png"><br>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title5" id="task_g5h_zmt_lt">
<h2 class="title topictitle2" id="ariaid-title5">Allowing Unsecure T.38 with Secure RTP</h2>
<div class="body taskbody">
<section class="section context"><div class="tasklabel"><strong class="sectiontitle tasklabel">Context</strong></div><p class="p">The T.38 protocol must be enabled under <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Codec</span>.</p>This procedure is
required only if SRTP is used and is available provided the <span class="keyword wintitle">Select Endpoint</span> selection list is set
to <span class="keyword wintitle">Default</span>.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Security</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">Security</span>
table, under the <span class="keyword wintitle">RTP</span>
section, set the <span class="keyword wintitle">Mode</span>
selection list to <span class="keyword wintitle">Secure with fallback</span>.</span>
</li><li class="li step">
<span class="ph cmd"> Under the <span class="ph uicontrol">T.38</span>
section, set the <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> selection list to <span class="keyword wintitle">Yes</span>. </span>
</li><li class="li step">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<br><img class="image" id="task_g5h_zmt_lt__image_egd_pmy_lt" src="https://documentation.media5corp.com/download/attachments/62825785/UnsecuredT38.png"><br>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title6" id="task_nng_5nl_fhb">
<h2 class="title topictitle2" id="ariaid-title6">Modifying the SRTP Basic Port</h2>
<div class="body taskbody">
<section id="task_nng_5nl_fhb__steps_jmt_3pl_fhb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_nng_5nl_fhb__steps_jmt_3pl_fhb"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Misc</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">Base Ports</span>
table,in the filed next to <span class="keyword wintitle">SRTP</span>, indicate in the field
to first port to use in SRTP.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div><p class="p">The first port to be used in SRTP will be the one specified.</p>
<br><img class="image" id="task_nng_5nl_fhb__image_x2y_wql_fhb" src="https://documentation.media5corp.com/download/attachments/62825785/BasePorts_SRTP.png" width="800"><br>
</section>
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title7" id="reference_h3d_yvp_mcb">
<h1 class="title topictitle1" id="ariaid-title7">Advanced RTP Parameters</h1>
<div class="body refbody">
<section class="section">
<div class="p">Although the services can be configured in great part in the Web browser, some aspects of
the configuration can only be completed with the configuration parameters by:<ul class="ul" id="reference_h3d_yvp_mcb__ul_zdg_mfj_4pb">
<li class="li">using a MIB browser</li>
<li class="li">using the CLI</li>
<li class="li">creating a configuration script containing the configuration parameters</li>
</ul></div>
<p class="p">For more details, refer to the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Reference+Guide" target="_blank">DGW Configuration Guide - Reference Guide</a> published
on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation Portal</a>.</p>
<ul class="ul" id="reference_h3d_yvp_mcb__ul_pt2_4d3_sgb">
<li class="li"><span class="keyword parmname">Mipt.EnforceSymmetricRtpEnable</span>: to enforce that incoming RTP
packets are from the same source as the destination of outgoing RTP packets.</li>
<li class="li"><span class="keyword parmname">Mipt.InteropDtmfRtpInitialPacketQty</span>: to specify the quantity of
packets sent at the beginning and at the ending of an Out-of-Band DTMF using RTP.</li>
<li class="li"><span class="keyword parmname">Mipt.InteropPacketReceptionMode</span>: to select the mode that control
the range of packetisation times (ptime) applied at the reception of RTP packets.</li>
</ul>
</section>
</div>
<hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested1" aria-labelledby="ariaid-title8" id="concept_kzc_x5h_npb">
<h2 class="title topictitle2" id="ariaid-title8">Advanced SRTP Preferences Configuration for the Mediatrix Gateways</h2>
<div class="body conbody"><p class="shortdesc">Under certain conditions, the <span class="keyword wintitle">SRTP Preferences</span> of the Mediatrix gateways can be tweaked,
allowing a better interoperability with the SRTP behaviors of different VoIP devices.</p>
<div class="note note note_note"><span class="note__title">Note:</span> For troubleshooting the SRTP interoperability, please refer to the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/SRTP+Troubleshooting" target="_blank">SRTP Troubleshooting</a> document.</div>
<p class="p">The <span class="keyword parmname">Mipt.CryptoModeWhenSendingOffer</span> and <span class="keyword parmname">Mipt.CryptoModeWhenSendingAnswer</span>
parameters affect the behavior of the SRTP elements within the SIP messages.</p>
<div class="note note note_note"><span class="note__title">Note:</span> The <span class="keyword parmname">Mipt.CryptoModeWhenSendingOffer</span> and
<span class="keyword parmname">Mipt.CryptoModeWhenSendingAnswer</span> parameters do not apply to SIP session
refresh. The session timers in SIP reINVITEs or SIP UPDATEs will not be affect the SRTP
crypto.</div>
<div class="p">When sending SDP offer in SIP messages and the
<span class="keyword parmname">Mipt.CryptoModeWhenSendingOffer</span> parameter is set to:<ul class="ul" id="concept_kzc_x5h_npb__ul_bq3_bwh_npb">
<li class="li"><var class="keyword varname">RegenerateAlways</var>, a different crypto attribute is generated.</li>
<li class="li"><var class="keyword varname">KeepAlways</var>, the previously sent crypto attribute is reused.</li>
</ul></div>
<div class="p">When sending SDP answer in SIP messages and the
<span class="keyword parmname">Mipt.CryptoModeWhenSendingAnswer</span> is set to:<ul class="ul" id="concept_kzc_x5h_npb__ul_cq3_bwh_npb">
<li class="li"><var class="keyword varname">RegenerateAlways</var>, a different crypto attribute is generated.</li>
<li class="li"><var class="keyword varname">KeepUnlessCryptoChange</var>, a different crypto attribute is generated if the
received offer has a different crypto attribute. Otherwise, the previously sent crypto
attribute is reused.</li>
<li class="li"><var class="keyword varname">KeepAlways</var>, the previously sent crypto attribute is reused.</li>
</ul></div>
<div class="p">The <span class="keyword parmname">Mipt.CryptoContextBehavior</span> parameter affect the behavior of the SRTP
cryptographic context. All devices in the VoIP network must have an identical behavior,
otherwise this will lead to decryption problems. The possible configurations are:<ul class="ul" id="concept_kzc_x5h_npb__ul_eq3_bwh_npb">
<li class="li"><var class="keyword varname">ResetAlways</var>: Reset the cryptographic context on every SDP
renegociation, even if the crypto key has not changed.</li>
<li class="li"><var class="keyword varname">ResetOnNewCrypto</var>: Reset the cryptographic context when the negotiated
crypto key has changed.</li>
<li class="li"><var class="keyword varname">ResetNever</var>: The cryptographic context is never reset after an SDP
renegotiation. The context is updated with the new crypto keys, while the crypto transform
parameters keeps its current value.</li>
</ul><div class="note note note_note"><span class="note__title">Note:</span> The SRTP cryptographic context, used for the encryption of the outgoing stream and
the decryption of the incoming stream, contains the following transform parameters:<ul class="ul" id="concept_kzc_x5h_npb__ul_dq3_bwh_npb">
<li class="li">SSRC identifier</li>
<li class="li">Sequence number</li>
<li class="li">Roll Over Counter (ROC) – an internal counter not exchanged between the VoIP
devices</li>
<li class="li">IP address and UDP port number of the media stream</li>
</ul></div></div>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title9" id="reference_fmk_ynh_npb">
<h2 class="title topictitle2" id="ariaid-title9">Recommended SRTP Preferences for a Typical VoIP Network</h2>
<div class="body refbody">
<section class="section">
<div class="p">Most of the time, the configuration of those three parameters can be in one of these two
cases:<table class="table frame-all" id="reference_fmk_ynh_npb__table_qz3_csh_npb"><caption></caption><colgroup><col style="width:50%"><col style="width:25%"><col style="width:25%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry colsep-1 rowsep-1" id="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__1">Configurable parameter</th>
<th class="entry colsep-1 rowsep-1" id="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__2">Regenerate</th>
<th class="entry colsep-1 rowsep-1" id="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__3">Keep</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__1"><span class="keyword wintitle">Crypto Mode When Sending Offer</span></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__2"><var class="keyword varname">Regenerate Always</var></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__3"><var class="keyword varname">Keep Always</var></td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__1"><span class="keyword wintitle">Crypto Mode When Sending Answer</span></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__2"><var class="keyword varname">Regenerate Always</var></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__3"><var class="keyword varname">Keep Always</var></td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__1"><span class="keyword wintitle">Crypto Context Behavior</span></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__2"><var class="keyword varname">Reset Always</var></td>
<td class="entry colsep-1 rowsep-1" headers="reference_fmk_ynh_npb__table_qz3_csh_npb__entry__3"><var class="keyword varname">Reset Never</var></td>
</tr>
</tbody></table></div>
</section>
<section class="section" id="reference_fmk_ynh_npb__regeneration">
<div class="p">The <dfn class="term">Regeneration</dfn> combination is recommended when:<ul class="ul" id="reference_fmk_ynh_npb__ul_uhf_4sh_npb">
<li class="li">the Mediatrix gateway exchanges with VoIP devices which the SRTP behavior is
unknown.</li>
<li class="li">the Mediatrix gateway exchanges with different VoIP devices without centralized VoIP
infrastructure.</li>
<li class="li">the Mediatrix gateway or the Mediatrix Sentinel SBC exchanges with BroadSoft, Cisco or
Oracle servers.</li>
</ul></div>
</section>
<section class="section" id="reference_fmk_ynh_npb__keep">
<div class="p">The <dfn class="term">Keep</dfn> combination is recommended when:<ul class="ul" id="reference_fmk_ynh_npb__ul_ts1_rsh_npb">
<li class="li">the Mediatrix Sentinel SBC interchanges with VoIP devices which the SRTP behavior is
unknown.</li>
<li class="li">the Mediatrix gateway or the Mediatrix Sentinel SBC exchanges with a media relay
server which re-encrypt completely the SRTP packets (new crypto keys, different SSRC
identifier).</li>
<li class="li">the Mediatrix gateway or the Mediatrix Sentinel SBC exchanges with Microsoft servers,
such as Microsoft Teams.</li>
</ul></div>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title10" id="unique_211386101942272486">
<h2 class="title topictitle2" id="ariaid-title10">Recommended SRTP Preferences for Cisco BroadWorks and BroadCloud</h2>
<div class="body refbody">
<section class="section">
<pre class="pre codeblock"><code>Mipt.CryptoModeWhenSendingOffer = "RegenerateAlways"
Mipt.CryptoModeWhenSendingAnswer = "RegenerateAlways"
Mipt.CryptoContextBehavior = "ResetAlways"</code></pre>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title11" id="unique_1145875835984375142">
<h2 class="title topictitle2" id="ariaid-title11">Recommended SRTP Preferences for Microsoft Teams</h2>
<div class="body refbody">
<section class="section">
<pre class="pre codeblock"><code>Mipt.CryptoModeWhenSendingOffer = "KeepAlways"
Mipt.CryptoModeWhenSendingAnswer = "KeepAlways"
Mipt.CryptoContextBehavior = "ResetNever"</code></pre>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested1" aria-labelledby="ariaid-title12" id="unique_18526832391837503228">
<h2 class="title topictitle2" id="ariaid-title12">Recommended SRTP Preferences for Oracle SBC</h2>
<div class="body refbody">
<section class="section">
<pre class="pre codeblock"><code>Mipt.CryptoModeWhenSendingOffer = "RegenerateAlways"
Mipt.CryptoModeWhenSendingAnswer = "RegenerateAlways"
Mipt.CryptoContextBehavior = "ResetAlways"</code></pre>
</section>
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title13" id="reference_j4g_nbv_gfb">
<h1 class="title topictitle1" id="ariaid-title13">Online Help</h1>
<p class="shortdesc"><span class="ph">If you are not familiar with the meaning of the fields and
buttons, click <span class="keyword wintitle">Show Help</span>, located at the upper right corner of
the Web page. When activated, the fields and buttons that offer online help will
change to green and if you hover over them, the description will bedisplayed.</span></p>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title14" id="concept_v4k_q3h_1r">
<h1 class="title topictitle1" id="ariaid-title14">DGW Documentation</h1>
<div class="body conbody"><p class="shortdesc">Mediatrix devices are supplied with an exhaustive set of documentation. </p>
<p class="p">Mediatrix user documentation is available on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation
Portal</a>.</p>
<div class="p">Several types of documents were created to clearly present the information you are looking for.
Our documentation includes:<ul class="ul" id="concept_v4k_q3h_1r__ul_bqy_cjh_1r">
<li class="li"><strong class="ph b">Release notes</strong>: Generated at each GA release, this document includes the known and
solved issues of the software. It also outlines the changes and the new features the release
includes.</li>
<li class="li"><strong class="ph b">Configuration notes</strong>: These documents are created to facilitate the configuration of a
specific use case. They address a configuration aspect we consider that most users will need to
perform. However, in some cases, a configuration note is created after receiving a question
from a customer. They provide standard step-by-step procedures detailing the values of the
parameters to use. They provide a means of validation and present some conceptual information.
The configuration notes are specifically created to guide the user through an aspect of the
configuration. </li>
<li class="li"><strong class="ph b">Technical bulletins</strong>: These documents are created to facilitate the configuration of a
specific technical action, such as performing a firmware upgrade.</li>
<li class="li"><strong class="ph b">Hardware installation guide</strong>: They provide the detailed procedure on how to safely and
adequately install the unit. It provides information on card installation, cable connections,
and how to access for the first time the Management interface.</li>
<li class="li"><strong class="ph b">User guide</strong>: The user guide explains how to customise to your needs the configuration
of the unit. Although this document is task oriented, it provides conceptual information to
help the user understand the purpose and impact of each task. The User Guide will provide
information such as where and how TR-069 can be configured in the Management Interface, how to
set firewalls, or how to use the CLI to configure parameters that are not available in the
Management Interface.</li>
<li class="li"><strong class="ph b">Reference guide</strong>: This exhaustive document has been created for advanced users. It
includes a description of all the parameters used by all the services of the Mediatrix units.
You will find, for example, scripts to configure a specific parameter, notification messages
sent by a service, or an action description used to create Rulesets. This document includes
reference information such as a dictionary, and it does not include any step-by-step
procedures. </li>
</ul></div>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title15" id="concept_fqm_rv4_k4">
<h1 class="title topictitle1" id="ariaid-title15">Copyright Notice</h1>
<div class="body conbody"><p class="shortdesc">Copyright © 2023 Media5 Corporation.</p>
<p class="p">This document contains information that is proprietary to Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves all rights to this document as well as to the Intellectual Property
of the document and the technology and know-how that it includes and represents.</p>
<p class="p">This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever,
without written prior approval by Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves the right to revise this publication and make changes at any time
and without the obligation to notify any person and/or entity of such revisions and/or
changes.</p>
</div>
</article></article></main></body></html> |
