Overview
Cisco Unified Border Element (CUBE) supports secure calls between two networks having different cipher suites. SRTP-SRTP interworking is supported for audio and video calls.
From Cisco IOS XE Everest Release 16.5.1b onwards, when SRTP is enabled, Cisco Unified Border Element by default supports secure calls between networks using different cipher suites. The cipher suites supported for SRTP-SRTP interworking, in default preference order, are as follows:
- AEAD_AES_256_GCM
- AEAD_AES_128_GCM
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
CUBE allows you to change the preference order of the cipher suites. Cipher-suite preference can be configured globally (under voice service voip >> sip), on a voice class tenant, or on a dial-peer.
The preference range is from 1 to 4, where 1 represents the highest preference. CUBE offers SRTP cipher suites in the SDP offer based on the configured preference. For the SDP answer, the highest-preference configured cipher suite that matches the offer from the peer is selected.
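The offer ordering and answer selection rule described above can be modelled as follows. This is an added example, not Cisco code or CUBE's implementation; the function names, the sample SDP body and its placeholder key material are constructed for illustration, and the model assumes a single media section with RFC 4568 `a=crypto` lines.

```python
import re

# Default preference order listed on this page (1 = highest preference).
DEFAULT_PREFERENCE = {
    1: "AEAD_AES_256_GCM",
    2: "AEAD_AES_128_GCM",
    3: "AES_CM_128_HMAC_SHA1_80",
    4: "AES_CM_128_HMAC_SHA1_32",
}

# RFC 4568 attribute shape: a=crypto:<tag> <crypto-suite> <key-params> ...
CRYPTO_LINE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+\S+")

# Constructed sample offer; addresses and key material are placeholders.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 16384 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-NOT-REAL",
    "a=crypto:2 AEAD_AES_128_GCM inline:CONSTRUCTED-KEY-NOT-REAL",
])

def offered_suites(sdp):
    """Map each cipher suite in the offer to the tag of its first a=crypto line."""
    suites = {}
    for line in sdp.splitlines():
        m = CRYPTO_LINE.match(line.strip())
        if m:
            suites.setdefault(m.group(2), int(m.group(1)))
    return suites

def offer_order(preference=DEFAULT_PREFERENCE):
    """Suites in the order they go into an SDP offer (preference 1 first)."""
    if any(rank not in range(1, 5) for rank in preference):
        raise ValueError("preference must be in the range 1 to 4")
    return [preference[rank] for rank in sorted(preference)]

def select_answer_suite(sdp_offer, preference=DEFAULT_PREFERENCE):
    """Return (suite, tag) for the highest local preference the peer offered."""
    offered = offered_suites(sdp_offer)
    for suite in offer_order(preference):
        if suite in offered:
            return suite, offered[suite]
    return None  # no suite in common with the peer's offer

if __name__ == "__main__":
    print(select_answer_suite(SAMPLE_OFFER))
```

With the default order, the sample offer is answered with AEAD_AES_128_GCM even though the peer listed AES_CM_128_HMAC_SHA1_80 first, because the local preference decides rather than the peer's ordering. A reordered preference list changes which suite protects the call, so it is worth reviewing wherever it is configured (global, tenant, dial-peer).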
Feature Information
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name | Releases | Feature Information |
---|---|---|
Security Readiness Criteria (SRC)—Modified the command show sip-ua calls. | Cisco IOS XE Gibraltar Release 16.11.1a | Command show sip-ua calls is modified to display local crypto key and remote crypto key. |
Support for SRTP-SRTP interworking | Cisco IOS XE Everest 16.5.1b | This feature allows secure calls between two enterprises using different cipher suites. Supported cipher suites are as follows: |
Supplementary Services
The following supplementary services are supported:
- Midcall codec change with voice class codec configuration
- Reinvite-based call hold and resume
- Music on hold (MoH) invoked from the Cisco Unified Communications Manager (Cisco UCM), where the call leg changes between SRTP and RTP for an MoH source
- Reinvite-based call forward and call transfer
- Call transfer based on a REFER message, with local consumption or pass-through of the REFER message on the CUBE
- Call forward based on a 302 message, with local consumption or pass-through of the 302 message on the CUBE
- T.38 fax switchover
- Fax pass-through switchover
For call transfers involving REFER and 302 messages (messages that are locally consumed on CUBE), end-to-end media renegotiation is initiated from CUBE only when you configure the supplementary-service media-renegotiate command in voice service VoIP configuration mode.
Note | Any call flow in which there is a switchover from RTP to SRTP on the same SIP call leg requires the supplementary-service media-renegotiate command to be enabled in global or voice service VoIP configuration mode to ensure that there is two-way audio. Example call-flows: |
When supplementary services are invoked from the endpoints, the call can switch between SRTP and RTP during the call duration. Hence, Cisco recommends that you configure such SIP trunks for SRTP fallback. For information on configuring SRTP fallback, refer to Enable SRTP Fallback.