...
To be able to configure SRTP/SRTCP on the IMG, the cryptographic protocol TLS must first be configured. Before proceeding with configuration, verify that TLS has already been configured. See links below to first configure TLS if needed.
IMG 1010 - SIP Signaling Over TLS Overview
IMG 1010 - TLS - Configuration
IMG 1010 - SIP SRTP CryptoSuite
Verify the Secure Communications License is loaded
Right Click on the IMG Name (Physical IMG) and select New License Info. Verify the Secure Communications License is loaded. See the IMG 1010 - License Info topic for more information.
...
When initially configuring TLS, a SIP SGP pane was created for use with TLS. Since TLS is already configured on this profile, SRTP can be added to this SIP SGP pane. Within the SIP SGP Pane is the field SRTP Mode. Select from drop down menu whether SRTP encryption is disabled, Mandatory, or RTP fallback as displayed below:
Disable: The crypto information within the RTP packets will be analyzed. Any crypto information within an SRTP packet will be rejected with 488 Unacceptable Media.
Mandatory: The crypto information within the RTP packet will be rejected. Only crypto information within an SRTP packet will be analyzed.
RTP fallback: The crypto information within the SRTP packet will be analyzed. If crypto information within the SRTP packet is not acceptable (No SRTP encryption), fall back to SDP information within the RTP packetSee IMG 1010 - SIP Profile - 10.5.3 for more information on this pane
...
Right Click on the SIP SGP Pane from above and select New SIP SRTP Cryptosuite. A SIP SRTP Cryptosuite Pane will get created. See below:
Configure the Crypto-suite, Window Size Hint, and SRTCP Encryption Fields. See IMG 1010 - SIP SRTP CryptoSuite for more information on configuring this pane.
...
An External Gateway with TLS configured was created in the TLS configuration procedure accomplished earlier. Select this gateway. In the SIP Profile field select the SIP SGP Pane created earlier from drop down menu as displayed below. The SIP SGP profile with TLS/SRTP should be configured to all External Gateways that IMG will communicate with that needs the TLS/SRTP configured. See IMG 1010 - External Gateway for more information
...
Insert IP Bearer Profile into Incoming and Outgoing Channel Groups
...
Select the Channel Groups that has the TLS configured on them. Right Click on the Channel Group and select New IP Network Element. Select the gateway configured earlier which has the TLS and SRTP configured on it. See screen capture below:
Execute above procedure for all Incoming/Outgoing Channel groups that TLS/SRTP will get configured on.
The screen capture below displays the ClientView Tree after configuration of TLS/SRTP: