Configuring TLS on Mediant 1000

  • Question

  • We have 4 branch offices with Mediant 1000s in them and a local Mediation server.  They are currently configured for TCP communication.  I want to change this to TLS for best practice and to configure Media Bypass.  I changed the Gateway to use TLS in Topology Builder and restarted the Mediation service on the Mediation server.  I have set the following on the Mediant:

    1. Open the 'Media Security' page (Configuration tab > Media menu > Media Security).

    2. Set the Media Security to ‘Enable’.

    3. Set the Media Security Behavior:
    • “Mandatory” if Mediation Server is configured to SRTP Required
    • “Preferable-Single media” if Mediation Server is configured to SRTP Optional.
    4. Set the Master Key Identifier (MKI) Size to ‘1’.
    5. Click Submit.
    6. Save (burn) the Mediant 1000 MSBG configuration and reset the Gateway.

    1. Open the 'Applications Enabling' page (Configuration tab > VoIP menu > SIP Definitions > General Parameters).

    2. Set ‘NAT IP Address’ with the Global (public) IP address of the Mediant 1000 MSBG device.
    3. Set Enable Early Media to ‘Enable’.
    4. Set Fax Signaling Method to ‘G.711 Transport’.
    5. Set SIP Transport Type to ‘TLS’.
    6. Set SIP TLS Local Port to ‘5067’ (Lync server port)
    7. Set SIP Destination Port to ‘5067’ (Lync Server port)

    I have then set the routing rule to use TLS. 

    I keep getting the below error though:

    15:00:41.755 : 192.168.8.10 : WARNING : [PType=9] (      lgr_flow)(1943      ) !! [ERROR] TlsTransportObject#62- CSocket::HandleSocketEvent socket error received, error: Connection refused(261)  [Time: 12-09-2012@14:00:37]

    Any help or advice would be appreciated.

    Sunday, December 9, 2012 2:25 AM

All replies

  • Hi,

    If you enable TLS on the Mediant 1000, you need to upload a certificate file, requested from the CA trusted by Lync Server, to the AudioCodes Mediant 1000 in order for TLS to work. For how to upload a certificate to the Mediant 1000, please see the documents on the AudioCodes website.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sean Xiao
    TechNet Community Support

    • Proposed as answer by Sean_Xiao Monday, December 17, 2012 2:56 AM
    Tuesday, December 11, 2012 6:38 AM
  • Hi Sean - I had already done this but am not 100% certain I have done it correctly.  I will recreate the certificate and see how I go.  It will be a few days before I can arrange time to do this but I will let you know how I get on.

    Thanks,
    Mark

    Tuesday, December 11, 2012 5:27 PM
  • Hi,

    Have you had any luck now?


    Sean Xiao
    TechNet Community Support

    Monday, December 24, 2012 2:24 AM
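
Added example (not from any poster in this thread, and not AudioCodes or Lync code): a small probe that reports the first stage at which a SIP/TLS connection to port 5067 fails, separating a TCP-level refusal like the one in the question's log line from the certificate trust problem the first reply describes. The function name `probe_sip_tls` and the `cafile` path are assumptions; the probe presents no client certificate, so a peer that requires mutual TLS may still end the session afterwards.

```python
import socket
import ssl


def probe_sip_tls(host, port=5067, cafile=None, timeout=5.0):
    """Return (stage, detail) for the first stage at which the connection fails.

    cafile: PEM file holding the root certificate of the CA that issued the
    peer's certificate (assumed path; None falls back to the system trust store).
    """
    # Stage 1: plain TCP. A refusal here means no listener accepted the
    # connection on that port, so certificates have not been examined yet.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return ("tcp_refused", str(exc))
    except OSError as exc:  # timeouts, no route, name resolution failures
        return ("tcp_unreachable", str(exc))

    # Stage 2: TLS handshake with chain and host name verification enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            return ("ok", f"{tls.version()} subject={subject}")
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to a trusted CA, certificate expired, or the
        # name in the certificate does not match the host that was dialled.
        return ("cert_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # The port is open but the peer is not speaking TLS, or it aborted.
        return ("tls_handshake_failed", str(exc))


if __name__ == "__main__":
    # Constructed sample target: replace with the gateway or Mediation Server
    # address and the CA root used in your deployment.
    print(probe_sip_tls("192.0.2.10", 5067, cafile=None, timeout=3.0))
```

A `tcp_refused` result points at the listener, port or transport setting on the probed device, while `cert_untrusted` points at the uploaded certificate or its issuing CA.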