In this section:
This section outlines how to configure the node number and IPsec for the IMS LI.
For information about configuring the IMS LI on the S-SBC, M-SBC, or I-SBC, refer to the following pages:
As the Calea user, use the following command to configure the LI.
set addressContext default intercept nodeNumber 7788
As the admin user, use the following commands to configure the IPsec.
This configuration is mandatory only when you must send the intercepted traffic over a secure connection between the SBC and the mediation server.
localIdentity ipAddress – The SBC interface group IP associated with the LI CDC.
remoteIdentity ipAddress – The mediation server IP configured in the LI CDC.
The recommended setting for LI IPsec mode is transport.
For more information about IPsec configuration, refer to IP Security - CLI.
### create and configure IKE and IPsec protection profiles set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800 set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5 set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800 set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5 set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd ### create IKE peer set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161 set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20 set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF ### create an SPD rule for this IKE peer set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001 set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32 set addressContext default ipsec spd PRGGSX2_SPD action protect set addressContext default ipsec spd PRGGSX2_SPD protocol 0 set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF set addressContext default ipsec spd PRGGSX2_SPD mode transport set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2 ### enable IPsec on the IP interface group set addressContext default ipInterfaceGroup LIG1 enabled
The SBC supports IMS LI for PS-to-PS handover scenarios. This support does not impact the IMS routing.
Enter the show commands to view the configurations.
Use the following command to view the intercept details.
show status addressContext default intercept callDataChannel callDataChannel CDC { mediationServerMediaStatus MS1 { tcpChannelstatus inService; tcpPacketsSent 0; tcpPacketsLost 0; udpPacketsSent 0; udpPacketsLost 0; } mediationServerSignalingStatus MS1 { tcpChannelStatus inService; DSRSuccess 0; DSRFailures 0; } } [ok]
Use the following command to view the CDC configuration.
show addressContext default intercept nodeNumber 7788; callDataChannel CDC { dsrProtocolVersion 0; interceptStandard etsi; vendorId verint; ipInterfaceGroupName LIG1; liPolDipForRegdOodMsg enabled; rtcpInterception enabled; mediaIpInterfaceGroupName LIG1; mediationServer MS1 { signaling { ipAddress 10.54.78.20; portNumber 65300; protocolType tcp; mode inService; state enabled; } media { tcp { ipAddress 10.54.78.20; portNumber 65120; mode inService; state enabled; } udp { ipAddress 10.54.78.20; portNumber 65200; mode inService; state enabled; } } } } [ok]