User's Manual
Media security 459
PSK SRTP on the IP Phone and USK SRTP at the Call Server can both be
enabled at the same time. If USK SRTP does not negotiate for a call,
PSK SRTP attempts to negotiate during the call. If both endpoints of the
call have PSK SRTP enabled, the call is encrypted using PSK SRTP.
By default, Media Security is enabled on the system. To configure USK
SRTP, see “USK SRTP configuration” (page 459). To configure PSK
SRTP on the IP Phone, see “PSK SRTP configuration” (page 459).
USK SRTP configuration
Use LD 17 to configure a system-wide Class of Service parameter for IP
Phones called Media Security System Default (MSSD). The system default
value is one of the following:
• Always Secure IP (MSAW)
• Best Effort (MSBT)
• Never (MSNV)
When you change the MSSD parameter, the system updates any IP
Phones that have a Class of Service value of MSSD to use the new MSSD
parameter.
Use LD 11 to configure the Media Security Class of Service on each IP
Phone. The IP Phone can have any of the following values:
• MSSD
• Best Effort
• Always
• Never
For more information about configuring system-wide Media Security and
configuring Class of Service, see Security Management Fundamentals
(NN43001-604).
PSK SRTP configuration
The SRTP PSK (Pre-Shared Key) media encryption feature provides
encrypted media. A preshared secret is embedded in the Nortel IP Phone
to generate and exchange encryption parameters without any Call
Server involvement. This feature provides SRTP capabilities to IP Phones
managed by call servers that do not support SRTP USK (UNIStim
Key). The SRTP PSK feature must not be used in networks where
phone-to-phone one-way delay is greater than 200 ms.
For CS 1000 Release 4.5 or earlier, you must configure PSK SRTP on
each IP Phone. See “PSK SRTP configuration” (page 459).
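The following is an added example, not part of the Nortel manual: an offline audit that resolves each phone's effective Media Security Class of Service (MSSD inherits the system default) and flags PSK SRTP pairs that exceed the 200 ms one-way delay limit. The inventory format, phone names and delay figures are hypothetical and constructed for illustration; the script does not query the Call Server.

```python
from itertools import combinations

# System-wide MSSD mnemonics (LD 17) mapped to the per-phone names (LD 11).
MSSD_VALUES = {"MSAW": "Always", "MSBT": "Best Effort", "MSNV": "Never"}
PSK_MAX_ONE_WAY_MS = 200  # PSK SRTP limit stated in this section


def effective_cos(phone_cos, system_mssd):
    """Resolve a phone's Media Security CoS; MSSD inherits the system default."""
    if system_mssd not in MSSD_VALUES:
        raise ValueError(f"unknown MSSD value: {system_mssd!r}")
    if phone_cos == "MSSD":
        return MSSD_VALUES[system_mssd]
    if phone_cos not in MSSD_VALUES.values():
        raise ValueError(f"unknown Class of Service: {phone_cos!r}")
    return phone_cos


def audit(phones, one_way_ms, system_mssd):
    """Return (subject, finding) tuples for settings worth reviewing."""
    findings = []
    for name in sorted(phones):
        cos = effective_cos(phones[name]["cos"], system_mssd)
        if cos == "Never":
            how = "inherited from MSSD" if phones[name]["cos"] == "MSSD" else "set on phone"
            findings.append((name, f"Media Security is Never ({how})"))
    psk = [n for n in sorted(phones) if phones[n]["psk"]]
    for a, b in combinations(psk, 2):
        delay = one_way_ms.get(frozenset((a, b)))
        if delay is None:
            findings.append((f"{a}<->{b}", "PSK SRTP pair with unmeasured delay"))
        elif delay > PSK_MAX_ONE_WAY_MS:
            findings.append((f"{a}<->{b}", f"PSK SRTP pair at {delay} ms one-way"))
    return findings


# Constructed inventory and delay measurements (hypothetical names and values).
PHONES = {
    "lobby": {"cos": "MSSD", "psk": False},
    "branch-1": {"cos": "Best Effort", "psk": True},
    "branch-2": {"cos": "Always", "psk": True},
    "hq-1": {"cos": "Never", "psk": True},
}
ONE_WAY_MS = {frozenset(("branch-1", "branch-2")): 240,
              frozenset(("branch-1", "hq-1")): 35}

if __name__ == "__main__":
    for subject, finding in audit(PHONES, ONE_WAY_MS, "MSNV"):
        print(f"{subject}: {finding}")
```

Running the audit again with a different MSSD value shows which phones change behaviour when the system default is edited, since only phones with a Class of Service of MSSD follow it.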
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 02.07
5 February 2009
Copyright © 2003-2009 Nortel Networks