Home » Cisco Manuals » Wireless » Cisco SRP521W-K9-G1 » Manual Viewer

Cisco SRP521W-K9-G1 Administration Guide - Page 112

Secure Call Details, Encrypted Master Key 16B or 128b

View all Cisco SRP521W-K9-G1 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 112 highlights

6 Configuring Voice Configuring Dial Plans The signing agent is implicit and must be the same for all devices that communicate securely with each other. The public key of the signing agent is preconfigured into the SRP by the administrator and is used by the SRP to verify the Mini-Certificate of its peer. The Mini-Certificate is valid if it has not expired, and it has a valid signature. The SRP can be configured so that, by default, all outbound calls are either secure or not secure. If secure by default, the user has the option to disable security when making a call by dialing *19 before dialing the target number. If not secure by default, the user can make a secure outbound call by dialing *18 before dialing the target number. However, the user cannot force inbound calls to be secure or not secure; that depends on whether the caller has security enabled or not. The SRP will not switch to secure mode if the CID of the called party from its MiniCertificate does not agree with the user-id used in making the outbound call. The SRP performs this check after receiving the Mini-Certificate of the called party. Secure Call Details Looking at the second stage of setting up a secure call in greater detail, this stage can be further divided into two steps. STEP 1 The caller sends a "Caller Hello" message (base64 encoded and embedded in the message body of a SIP INFO request) to the called party with the following information: • Message ID (4B) • Version and flags (4B) • SSRC of the encrypted stream (4B) • Mini-Certificate (252B) Upon receiving the Caller Hello, the called party responds with a Callee Hello message (base64 encoded and embedded in the message body of a SIP response to the caller's INFO request) with similar information, if the Caller Hello message is valid. The caller then examines the Callee Hello and proceeds to the next step if the message is valid. STEP 2 The caller sends the "Caller Final" message to the called party with the following information: • Message ID (4B) • Encrypted Master Key (16B or 128b) 112 Cisco SRP500 Series Services Ready Platforms Administration Guide (SRP520 Models)

Section	Page
Introducing the SRP500 Series Services Ready Platform (SRP520 Models)	10
Feature Overview	10
Product Overview	11
Model Numbers	11
Front Panel	11
Back Panel	13
Side View	15
Top View	16
Default Settings	17
Getting Started with the Configuration Utility	18
Logging In to the Configuration Utility	18
Overview of the Configuration Utility	19
Main Window Areas	19
Configuration Utility Icons	20
The Quick Setup Menu	21
Basic Configuration Setup	21
WAN Setup (Ethernet)	21
WAN Setup (ADSL)	22
LAN Setup	22
Wireless Setup	22
Remote Provisioning	23
Advanced Configuration Setup	23
Voice	23
Mobile Network Setup	23
Firewall	23
NAT	24
Setting up the Interfaces of the Services Ready Platforms	25
Setting up the WAN Interface	25
Internet Setup	26
Adding a Subinterface	29
Encapsulation Settings	32
Internet Options	35
Mobile Network	36
Failover and Recovery	40
Setting up the VLAN Interfaces and LAN Ports	42
DHCP Server	42
VLAN Settings	45
Port Settings	47
Setting up the Wireless LAN	48
Basic Wireless Settings	49
Wireless Protected Setup	55
Wireless MAC Filter	56
Advanced Wireless Settings	58
WMM Setting	61
Using the Management Interface	61
Configuring the Network	62
Routing	63
Static Routes	63
RIP	64
Intervlan Routing	66
NAT	66
NAT Setting	66
Port Forwarding	67
Port Range Triggering	69
QoS	71
QoS Bandwidth Control	71
QoS Policy	72
CoS To Queue	74
DSCP To Queue	75
Firewall	75
Firewall Filter	75
Internet Access Control	77
PPPoE Relay	79
DDNS	80
DMZ	82
IGMP	83
UPnP	84
CDP Setting	85
Configuring Voice	87
Configuring Voice Services	87
Understanding Voice Port Operations	87
SRP Voice Features	88
Registering to the Service Provider	95
Managing Caller ID Services	97
Optimizing Fax Completion Rates	99
Silence Suppression and Comfort Noise Generation	101
Configuring Dial Plans	102
Secure Call Implementation	111
Configuring Voice Settings	115
Info Page	115
System Page	119
SIP Page	120
Provisioning Page	131
Regional Page	136
Line Pages (1-2)	156
User Pages (1-2)	178
Configuring VPN	183
IKE Policy	183
IPSec Policy	185
GRE Tunnel	188
VPN Passthrough	190
Cisco VPN Server	191
Configuring Users	194
Administration Settings	195
Web Access Management	196
Remote Management	197
TR069	197
SNMP	199
Local TFTP	201
Time Setup	202
Setup Wizard	203
User List	204
User Privilege Control	204
Logging	205
Factory Defaults	206
Firmware Upgrade	206
Backup & Restore	207
Backup Configuration	207
Restore Configuration	207
Reboot	208
Status	208
Switch Setting	208
Using Services Ready Platform Diagnostics	210
Ping Test	210
Traceroute Test	211
Detect Active LAN Clients	211
Viewing the Services Ready Platforms Status	212
Router Settings	213
Firewall Status	214
Interface Information	216
Wireless Network Status	217
Wireless Client Information	218
Mobile Network Status	218
DHCP Server Information	220
QoS Status	221
Routing Table	222
ARP Table	222
RIP Status	223
IGMP Status	223
VPN Status	224

Match case Limit results 1 per page

Configuring Voice

Configuring Dial Plans

112

Cisco SRP500 Series Services Ready Platforms Administration Guide (SRP520 Models)

The signing agent is implicit and must be the same for all devices that

communicate securely with each other. The public key of the signing agent is pre-

configured into the SRP by the administrator and is used by the SRP to verify the

Mini-Certificate of its peer. The Mini-Certificate is valid if it has not expired, and it

has a valid signature.

The SRP can be configured so that, by default, all outbound calls are either secure

or not secure. If secure by default, the user has the option to disable security when

making a call by dialing *19 before dialing the target number. If not secure by

default, the user can make a secure outbound call by dialing *18 before dialing the

target number. However, the user cannot force inbound calls to be secure or not

secure; that depends on whether the caller has security enabled or not.

The SRP will not switch to secure mode if the CID of the called party from its Mini-

Certificate does not agree with the user-id used in making the outbound call. The

SRP performs this check after receiving the Mini-Certificate of the called party.

Secure Call Details

Looking at the second stage of setting up a secure call in greater detail, this stage

can be further divided into two steps.

STEP 1

The caller sends a “Caller Hello” message (base64 encoded and embedded in the

message body of a SIP INFO request) to the called party with the following

information:

•

Message ID (4B)

•

Version and flags (4B)

•

SSRC of the encrypted stream (4B)

•

Mini-Certificate (252B)

Upon receiving the Caller Hello, the called party responds with a Callee Hello

message (base64 encoded and embedded in the message body of a SIP

response to the caller’s INFO request) with similar information, if the Caller Hello

message is valid. The caller then examines the Callee Hello and proceeds to the

next step if the message is valid.

STEP

The caller sends the “Caller Final” message to the called party with the following

information:

•

Message ID (4B)

•

Encrypted Master Key (16B or 128b)