In this section:

Related articles:

Configuring the IMS LI

This section outlines how to configure the node number and IPsec for the IMS LI.

For information about configuring the IMS LI on the S-SBC, M-SBC, or I-SBC, refer to the following pages:

Configuring the Node Number

As the Calea user, use the following command to configure the LI.

set addressContext default intercept nodeNumber 7788

Note
  • If the CDC is configured through the EMS, the node number is configured automatically by the EMS.
  • If the CDC is configured through the SBC, the node number must be configured along with the CDC on the SBC.

Configuring IPsec for Signaling and Media Interception

As the admin user, use the following commands to configure the IPsec.

Note

  • This configuration is mandatory only when you must send the intercepted traffic over a secure connection between the SBC and the mediation server.

  • The SBC supports IPsec for media interception over UDP.
  • The SPD entry must create the following entries:

    • localIdentity ipAddress – The SBC interface group IP associated with the LI CDC.

    • remoteIdentity ipAddress – The mediation server IP configured in the LI CDC.

  • The recommended setting for LI IPsec mode is transport.

Info

For more information about IPsec configuration, refer to IP Security - CLI.

### create and configure IKE and IPsec protection profiles
   
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
  
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
  
### create IKE peer
  
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20
set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
  
### create an SPD rule for this IKE peer
  
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 0
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
  
### enable IPsec on the IP interface group
  
set addressContext default ipInterfaceGroup LIG1 enabled
Note

The SBC supports IMS LI for PS-to-PS handover scenarios. This support does not impact the IMS routing.

Viewing IMS LI Configuration

Enter the show commands to view the configurations.

Viewing the Intercept Details

Use the following command to view the intercept details.

show status addressContext default intercept callDataChannel
callDataChannel CDC {
    mediationServerMediaStatus MS1 {
        tcpChannelstatus inService;
        tcpPacketsSent   0;
        tcpPacketsLost   0;
        udpPacketsSent   0;
        udpPacketsLost   0;
    }
    mediationServerSignalingStatus MS1 {
        tcpChannelStatus inService;
        DSRSuccess       0;
        DSRFailures      0;
    }
}
[ok]

Viewing the CDC Configuration

Use the following command to view the CDC configuration.

show addressContext default intercept
nodeNumber 7788;
callDataChannel CDC {
    dsrProtocolVersion    0;
	interceptStandard     etsi;
    vendorId              verint;
    ipInterfaceGroupName  LIG1;
    liPolDipForRegdOodMsg enabled;
    rtcpInterception      enabled;
    mediaIpInterfaceGroupName LIG1;
    mediationServer MS1 {
        signaling {
            ipAddress    10.54.78.20;
            portNumber   65300;
            protocolType tcp;
            mode         inService;
            state        enabled;
        }
        media {
            tcp {
                ipAddress  10.54.78.20;
                portNumber 65120;
                mode       inService;
                state      enabled;
            }
            udp {
                ipAddress  10.54.78.20;
                portNumber 65200;
                mode       inService;
                state      enabled;
            }
        }
    }
}
[ok]

 

  • No labels