locked
Gateway did not offer SRTP keys which is required by Mediation Server RRS feed

  • Question

  • I have AudioCodes Mediant 1000, when I configured TLS the following erros appears "Gateway did not offer SRTP keys which is required by Mediation Server" 

    the Master Key Identifier (MKI) Size = 1

    the Enable symmetric MKI negotiation = Disable

    I tested with the Negotiation = Enable, but the problem still the same.

    I am totally lost, because I don´t know wich parameters to  change.

     I will appreciate if somebody can give a help

    I am configuring the SBA and SBC with the M1000 (Version ID:6.40A.037.009)
    • Edited by juan-bue Monday, July 23, 2012 7:04 PM
    Monday, July 23, 2012 6:45 PM

Answers

  • I can understand that Mediation server runs on 5067 when collocated, but why are you running the gateway on 5067?

    Also, check the following:

    1) You configured your gateway using an FQDN and not IP in the topology builder

    2) You have a valid Certificate installed on the Gateway

    3) Your Mediation Server trusts the certificate authority that issued the GW cert and the gateway trusts the certificate authority that issued the Mediation Server Certificate.

    4) Your Gateway is configured to make use of DNS and that your destination in your route tables are the FQDN of the Mediation server, not the IP.


    Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010

    Thursday, July 26, 2012 7:43 PM
  • Hi, take the documentation from Audiocodes and configure only the PSTN Gateway Settings like AC wrote in section 8.

    http://www.audiocodes.com/filehandler.ashx?fileid=2581962

    Do you hav Import a right certificate to the GW?


    regards Holger Technical Specialist UC


    Sunday, July 29, 2012 8:44 AM

All replies

  • I would chat to AudioCodes. I assume everything works with you try plain TCP?

    Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010

    Tuesday, July 24, 2012 7:00 PM
  • Hi, yes with plain TCP is working Ok
    Tuesday, July 24, 2012 8:34 PM
  • Hi,

    Please make sure you publish the gateway object with 5061 port in the topology builder when you use TLS protocal in the M1000 Gateway.

    Please check if there is option can enable or disable the SRTP protocol in the M1000 gateway.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, July 25, 2012 10:18 AM
    Moderator
  • Hi 

    We are using another TCP port 5067 and in the topology builder it is configured.

    I have the following parameters in the gateway:

    Menu > Media Security > General Media Security Settings

    - Media Security = Enable

    - Media Security Begavior = Mandatory

    - Authentication On Transmitted RTP Packets = Active

    - Encryption On Transmitted RTP Packets = Active

    - Encryption ON Transmitted RTCP Packets = Active

     > SRTP Setting

    - Master Key Identifier (MKI) Size = 1

      Enable Symmetric MKI nogotiation = Disable

     > SRTP offered Suites

    CIPHER SUITES AES CM 128 HMAC SHA1 80 = selected

    CIPHER SUITES AES CM 128 HMAC SHA1 32 = selected

    CIPHER SUITES ARIA CM 128 HMAC SHA1 80 = selected

    CIPHER SUITES ARIA CM 192 HMAC SHA1 80 = selected

    Menu > Sip Definitions > General Parameters

    - SIP Transport Type = TLS

    SIP TLS Local Port = 5067

    - SIP Destination Port = 5067

    Menu > Security > General Security Settings

    TLS Version = SSL 2.0-3.0 and TLS 1.0


    Wednesday, July 25, 2012 3:38 PM
  • I can understand that Mediation server runs on 5067 when collocated, but why are you running the gateway on 5067?

    Also, check the following:

    1) You configured your gateway using an FQDN and not IP in the topology builder

    2) You have a valid Certificate installed on the Gateway

    3) Your Mediation Server trusts the certificate authority that issued the GW cert and the gateway trusts the certificate authority that issued the Mediation Server Certificate.

    4) Your Gateway is configured to make use of DNS and that your destination in your route tables are the FQDN of the Mediation server, not the IP.


    Casper Pieterse, Principle Consultant - UC, Dimension Data North America, Microsoft Certified Master: Exchange 2007 / 2010

    Thursday, July 26, 2012 7:43 PM
  • Hi, take the documentation from Audiocodes and configure only the PSTN Gateway Settings like AC wrote in section 8.

    http://www.audiocodes.com/filehandler.ashx?fileid=2581962

    Do you hav Import a right certificate to the GW?


    regards Holger Technical Specialist UC


    Sunday, July 29, 2012 8:44 AM