Plantronics + Polycom. Now together as Poly Logo

[FAQ] How can I setup SRTP / Secure RTP?

Polycom Employee & Community Manager

[FAQ] How can I setup SRTP / Secure RTP?

 

Polycom Phones support secure RTP

 

This encrypts the RTP audio stream. This does not encrypt the SIP signaling and this is explained => here <=

 

Note: Below example has been tested using Polycom UCS 4.0.2 and Asterisk 1.8!

 

Pre-requisite:

 

On Asterisk set the peer settings within the sip.conf to:

 

..
encryption=yes
..

 

Note: Please liaise with Digium support on more details on this!

 

On the Polycom phone you need to configure the SRTP offer either on a per line bases via:

 

reg.1.srtp.offer="1"

 Above offers SRTP on the registration 1

 

or

 

sec.srtp.offer="1"

 Above offers SRTP on all registrations.

 

Both sec.srtp.require="1" or reg.x.srtp.require="1" can be used to make this mandatory but this may cause issues with non SRTP calls.

 

SRTP_01.png

 

Note: For more details or additional settings please consult your UCS admin guide or contact your Polycom reseller!

 

Wireshark Trace example:

 

SIP_and_SRTP.PNG

 

Above shows the original SIP invite in non secure signaling and the SRTP audio stream.

 

SIP_and_SRTP_02.PNG

Phone Log:

 

0530172346|sip  |0|00|    INVITE sip:10.252.149.53 SIP/2.0
0530172346|sip  |0|00|    Via: SIP/2.0/UDP 10.252.149.51;branch=z9hG4bKc4b46dc36F0369D0
0530172346|sip  |0|00|    From: "3395" <sip:3395@10.252.149.122>;tag=8535E755-271B5D8A
0530172346|sip  |0|00|    To: <sip:10.252.149.53>
0530172346|sip  |0|00|    CSeq: 1 INVITE
0530172346|sip  |0|00|    Call-ID: 910d4b8afc81e6b9d38802348703010a
0530172346|sip  |0|00|    Contact: <sip:3395@10.252.149.51>
0530172346|sip  |0|00|    Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
0530172346|sip  |0|00|    User-Agent: PolycomVVX-VVX_601-UA/5.7.2.1277
0530172346|sip  |0|00|    Accept-Language: en
0530172346|sip  |0|00|    Supported: replaces,100rel
0530172346|sip  |0|00|    Allow-Events: conference,talk,hold
0530172346|sip  |0|00|    Max-Forwards: 70
0530172346|sip  |0|00|    Content-Type: application/sdp
0530172346|sip  |0|00|    Content-Length: 1282
0530172346|sip  |0|00|    
0530172346|sip  |0|00|    v=0
0530172346|sip  |0|00|    o=- 1527697426 1527697426 IN IP4 10.252.149.51
0530172346|sip  |0|00|    s=Polycom IP Phone
0530172346|sip  |0|00|    c=IN IP4 10.252.149.51
0530172346|sip  |0|00|    b=AS:512
0530172346|sip  |0|00|    t=0 0
0530172346|sip  |0|00|    a=sendrecv
0530172346|sip  |0|00|    m=audio 2266 RTP/SAVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=crystals:5 AES_CM_128_HMAC_SHA1_80 inline:1TjMrZbt/ThxhrkFZOB33CYhnfHEtf0IvDIIKFgF
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=audio 2266 RTP/AVP 115 99 9 102 0 8 18 127
0530172346|sip  |0|00|    a=rtpmap:115 G7221/32000
0530172346|sip  |0|00|    a=fmtp:115 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:99 SIREN14/16000
0530172346|sip  |0|00|    a=fmtp:99 bitrate=48000
0530172346|sip  |0|00|    a=rtpmap:9 G722/8000
0530172346|sip  |0|00|    a=rtpmap:102 G7221/16000
0530172346|sip  |0|00|    a=fmtp:102 bitrate=32000
0530172346|sip  |0|00|    a=rtpmap:0 PCMU/8000
0530172346|sip  |0|00|    a=rtpmap:8 PCMA/8000
0530172346|sip  |0|00|    a=rtpmap:18 G729/8000
0530172346|sip  |0|00|    a=fmtp:18 annexb=no
0530172346|sip  |0|00|    a=rtpmap:127 telephone-event/8000
0530172346|sip  |0|00|    m=video 2268 RTP/SAVP 109 34
0530172346|sip  |0|00|    a=crypto:6 AES_CM_128_HMAC_SHA1_80 inline:248U4vJx6go6VeoVG8ZwST2d52bMLbknufCFDVcd
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1
0530172346|sip  |0|00|    m=video 2268 RTP/AVP 109 34
0530172346|sip  |0|00|    a=rtpmap:109 H264/90000
0530172346|sip  |0|00|    a=fmtp:109 profile-level-id=42800d
0530172346|sip  |0|00|    a=rtpmap:34 H263/90000
0530172346|sip  |0|00|    a=fmtp:34 CIF=1;QCIF=1;SQCIF=1

 

Above shows the SRTP media Attribute from the SIP INVITE.

 

The Secure status of the call is symbolized on the phone with a scrolling lock icon:

 

SRTP.png

 

or

 

IP7000_SRTP.jpg

or

 SRTP_VVX.png

or

VVX601_SRTP.png

 

VVX_SRTP_Calling.png

 

 

 




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 1 of 1