Re: [cisco-voip] sRTP and RTP in SIP Invite
Unfortunately I don’t manage the CUCM environment. Based on what I’ve read so far, CUCM SIP Trunks technically only support SRTP or RTP, but not both, in a SIP Invite. If both are present in the SIP Invite then CUCM only selects the first one in the list as opposed to choosing a preferred type. Doing it this way breaks the RFC which is my big pain point. The vendor for the equipment sending the invite isn’t going to change their spec and completely break the RFC to accommodate Cisco’s way of supporting SRTP. There are ways around this using the vendor’s equipment, but I was hoping that perhaps there is a way this can be accommodated within CUCM. On May 30, 2014, at 12:20 PM, Brian Meade bmead...@vt.edu wrote: Can you send a CallManager SDI/SDL trace for one of these calls? On Fri, May 30, 2014 at 12:14 PM, Mark Holloway m...@markholloway.com wrote: Yep, it’s TLS. Certificates are loaded. On May 30, 2014, at 11:48 AM, Brian Meade bmead...@vt.edu wrote: Mark, Is the device actually using TLS for the signaling? I don't think CUCM will let you use SRTP if the signaling channel isn't encrypted. Brian On Fri, May 30, 2014 at 11:41 AM, Mark Holloway m...@markholloway.com wrote: I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer. Has anyone encountered this before and is there a way around it? Thanks, Mark ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] sRTP and RTP in SIP Invite
I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer. Has anyone encountered this before and is there a way around it? Thanks, Mark ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] sRTP and RTP in SIP Invite
Yep, it’s TLS. Certificates are loaded. On May 30, 2014, at 11:48 AM, Brian Meade bmead...@vt.edu wrote: Mark, Is the device actually using TLS for the signaling? I don't think CUCM will let you use SRTP if the signaling channel isn't encrypted. Brian On Fri, May 30, 2014 at 11:41 AM, Mark Holloway m...@markholloway.com wrote: I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer. Has anyone encountered this before and is there a way around it? Thanks, Mark ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] sRTP and RTP in SIP Invite
Can you send a CallManager SDI/SDL trace for one of these calls? On Fri, May 30, 2014 at 12:14 PM, Mark Holloway m...@markholloway.com wrote: Yep, it’s TLS. Certificates are loaded. On May 30, 2014, at 11:48 AM, Brian Meade bmead...@vt.edu wrote: Mark, Is the device actually using TLS for the signaling? I don't think CUCM will let you use SRTP if the signaling channel isn't encrypted. Brian On Fri, May 30, 2014 at 11:41 AM, Mark Holloway m...@markholloway.com wrote: I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer. Has anyone encountered this before and is there a way around it? Thanks, Mark ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] sRTP and RTP in SIP Invite
Mark, Is the device actually using TLS for the signaling? I don't think CUCM will let you use SRTP if the signaling channel isn't encrypted. Brian On Fri, May 30, 2014 at 11:41 AM, Mark Holloway m...@markholloway.com wrote: I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer. Has anyone encountered this before and is there a way around it? Thanks, Mark ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip