...
Note |
---|
If the latest developer version of "Firefox" is used, additional configuration is required to correct the following error:
091 09042015 115022.824913:1.01.00.21882.MAJOR .DTLS_SRTP: *DTLS Error no shared cipher
Execute the following command to correct the error:
Code Block |
---|
| config
set profiles security dtlsProfile defaultDtlsProfile cipherSuite2 tls_ecdhe_rsa_with_aes_128_cbc_sha
commit |
|
Using the Default DTLS Profile
The default DTLS profile is already present when the system is up and can be used to run WRTC calls.
Code Block |
---|
|
% show profiles security dtlsProfile defaultDtlsProfile
handshakeTimer 5;
sessionResumpTimer 300;
cipherSuite1 rsa-with-aes-128-cbc-sha;
dtlsRole server;
hashType sha1;
CertName defaultDtlsSBCCert;
cookieExchange enabled;
v1_0 enabled;
v1_1 disabled;
v1_2 disabled;
[ok]
|
Note |
---|
For special configuration requirements in the DTLS profile, the default DTLS profile can be modified or a new DTLS profile can be created. For details, refer to the section Creating the DTLS Profile. |
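The following added example (not from the original page or the vendor) parses the default profile output shown above and flags settings that weaken the DTLS handshake. The function names and the choice of what counts as weak are assumptions of this example; the profile text is the output shown above.

```python
import re

# Output of "show profiles security dtlsProfile defaultDtlsProfile", as shown on this page.
DEFAULT_PROFILE = """\
handshakeTimer 5;
sessionResumpTimer 300;
cipherSuite1 rsa-with-aes-128-cbc-sha;
dtlsRole server;
hashType sha1;
CertName defaultDtlsSBCCert;
cookieExchange enabled;
v1_0 enabled;
v1_1 disabled;
v1_2 disabled;
[ok]
"""

def parse_profile(text):
    """Turn 'key value;' lines into a dict; prompt and [ok] lines are skipped."""
    return dict(re.findall(r"^\s*(\w+)\s+([^;\s]+);\s*$", text, re.MULTILINE))

def audit_profile(settings):
    """Return (setting, finding) pairs; the criteria are this example's assumptions."""
    findings = []
    if settings.get("v1_0") == "enabled":
        findings.append(("v1_0", "DTLS 1.0 is deprecated by RFC 8996"))
    if settings.get("v1_2") != "enabled":
        findings.append(("v1_2", "DTLS 1.2 is not enabled"))
    if settings.get("hashType") == "sha1":
        findings.append(("hashType", "SHA-1 is collision-weak; prefer a SHA-2 hash"))
    if settings.get("cookieExchange") != "enabled":
        findings.append(("cookieExchange", "no cookie check against spoofed ClientHello floods"))
    for name, suite in sorted(i for i in settings.items() if i[0].startswith("cipherSuite")):
        # Normalise both spellings seen on this page: rsa-with-... and tls_ecdhe_rsa_with_...
        norm = suite.lower().replace("_", "-")
        if "dhe" not in norm:  # matches neither DHE nor ECDHE
            findings.append((name, "static RSA key exchange, no forward secrecy"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_profile(parse_profile(DEFAULT_PROFILE)):
        print(f"{setting}: {finding}")
```

The same functions can be run against the output of a custom profile after it is created, to confirm that a change such as adding an ECDHE suite in cipherSuite2 is reflected in the findings.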
Creating the DTLS Profile
...
Code Block |
---|
|
% show table system licenseInfo
LICENSE USAGE
FEATURE NAME ID EXPIRATION DATE LIMIT |
Navigate to All > License > Bundle
Defining SMM Rules
Because the SBC does not support SAVPF, the following SMM rules are applied for interworking with WRTC endpoints:
...
Assigning SMM Profiles to Trunk Group
The SMM profile is applied to the Trunk Group as shown below:
Code Block |
---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup TG_SIPART_IAD signaling messageManipulation outputAdapterProfile OUT_SMM_RULE
|
Other Configuration
Code Block |
---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup ATG_SIPART_IAD services natTraversal mediaNat disabled
% set profiles media packetServiceProfile PSP_IAD rtcpOptions rtcp enable |
Note |
---|
STUN handling for media NAT and ICE are mutually exclusive, so mediaNat is disabled when ICE is used. For DTLS, an association is created for both RTP and RTCP, so RTCP must be enabled for RTCP packets to flow. |
Viewing the Call Detail Status
...
Code Block |
---|
|
% show status global callDetailStatus
callDetailStatus 17334272 {
mediaStreams audio;
state Stable;
callingNumber 777;
calledNumber 444;
addressTransPerformed none;
origCalledNum "";
scenarioType SIP_TO_SIP;
callDuration 8;
mediaType passthru;
associatedGcid1 17334272;
associatedGcid2 17334272;
associatedGcidLegId1 1;
associatedGcidLegId2 0;
ingressMediaStream1LocalIpSockAddr "10.54.4.176/ 1026";
ingressMediaStream1RemoteIpSockAddr "10.70.52.67/ 55658";
egressMediaStream1LocalIpSockAddr "10.54.6.176/ 1026";
egressMediaStream1RemoteIpSockAddr "10.70.52.67/ 5124";
ingressMediaStream1Security "rtp-Encrypted rtp-auth rtcp-encrypted rtcp-auth crypto-aescm hmacsha180";
egressMediaStream1Security "rtp-disabled rtcp-disabled";
ingressMediaStream1Bandwidth 135;
egressMediaStream1Bandwidth 127;
ingressMediaStream1IceState ST_ICE_COMPLETE;
egressMediaStream1IceState NONE;
ingressDtlsSrtpStream1 ENABLED;
egressDtlsSrtpStream1 DISABLED;
iceCallTypes "ing-lcl-ICE-LITE ing-rmt-FULL-ICE eg-lcl-NONE eg-rmt-NONE";
}
|
The following screen shows a successful DTLS handshake packet capture:
Figure: The Screen Showing a Successful DTLS Packet Capture