Gateway did not offer SRTP keys which is required by Mediation Server
-
lunedì 23 luglio 2012 18:45
I have AudioCodes Mediant 1000, when I configured TLS the following erros appears "Gateway did not offer SRTP keys which is required by Mediation Server"
the Master Key Identifier (MKI) Size = 1
the Enable symmetric MKI negotiation = Disable
I tested with the Negotiation = Enable, but the problem still the same.
I am totally lost, because I don´t know wich parameters to change.
I will appreciate if somebody can give a help
I am configuring the SBA and SBC with the M1000 (Version ID:6.40A.037.009)- Modificato juan-bue lunedì 23 luglio 2012 19:04
Tutte le risposte
-
martedì 24 luglio 2012 19:00I would chat to AudioCodes. I assume everything works with you try plain TCP?
Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010
-
martedì 24 luglio 2012 20:34Hi, yes with plain TCP is working Ok
-
mercoledì 25 luglio 2012 10:18Moderatore
Hi,
Please make sure you publish the gateway object with 5061 port in the topology builder when you use TLS protocal in the M1000 Gateway.
Please check if there is option can enable or disable the SRTP protocol in the M1000 gateway.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
mercoledì 25 luglio 2012 15:38
Hi
We are using another TCP port 5067 and in the topology builder it is configured.
I have the following parameters in the gateway:
Menu > Media Security > General Media Security Settings
- Media Security = Enable
- Media Security Begavior = Mandatory
- Authentication On Transmitted RTP Packets = Active
- Encryption On Transmitted RTP Packets = Active
- Encryption ON Transmitted RTCP Packets = Active
> SRTP Setting
- Master Key Identifier (MKI) Size = 1
Enable Symmetric MKI nogotiation = Disable
> SRTP offered Suites
CIPHER SUITES AES CM 128 HMAC SHA1 80 = selected
CIPHER SUITES AES CM 128 HMAC SHA1 32 = selected
CIPHER SUITES ARIA CM 128 HMAC SHA1 80 = selected
CIPHER SUITES ARIA CM 192 HMAC SHA1 80 = selected
Menu > Sip Definitions > General Parameters
- SIP Transport Type = TLS
- SIP TLS Local Port = 5067
- SIP Destination Port = 5067
Menu > Security > General Security Settings
- TLS Version = SSL 2.0-3.0 and TLS 1.0
-
giovedì 26 luglio 2012 19:43
I can understand that Mediation server runs on 5067 when collocated, but why are you running the gateway on 5067?
Also, check the following:
1) You configured your gateway using an FQDN and not IP in the topology builder
2) You have a valid Certificate installed on the Gateway
3) Your Mediation Server trusts the certificate authority that issued the GW cert and the gateway trusts the certificate authority that issued the Mediation Server Certificate.
4) Your Gateway is configured to make use of DNS and that your destination in your route tables are the FQDN of the Mediation server, not the IP.
Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010
- Contrassegnato come risposta Sean_XiaoMicrosoft Contingent Staff, Moderator lunedì 6 agosto 2012 04:29
-
domenica 29 luglio 2012 08:44
Hi, take the documentation from Audiocodes and configure only the PSTN Gateway Settings like AC wrote in section 8.
http://www.audiocodes.com/filehandler.ashx?fileid=2581962
Do you hav Import a right certificate to the GW?
regards Holger Technical Specialist UC
- Modificato Holger BunkradtMicrosoft Community Contributor domenica 29 luglio 2012 08:45
- Contrassegnato come risposta Sean_XiaoMicrosoft Contingent Staff, Moderator lunedì 6 agosto 2012 04:29
.png)
