Versions Compared

Old Version 3

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel

...

borderColorgreen
bgColortransparent
borderWidth2

...

Back to Table of Contents

...

Back to Configuring SBC For Lawful Interception

In this section:

Table of Contents
maxLevel4

...

Info
iconfalse

Related articles:

Anchor
Configure the CDC
Configure the CDC
Configuring the

...

To configure Call Data Channel (CDC):

...

IMS LI

This section outlines how to configure the node number and IPsec for the IMS LI.

For information about configuring the IMS LI on the S-SBC, M-SBC, or I-SBC, refer to the following pages:

Configuring the Node Number

As the Calea user, use the following command to configure the LI.

Code Block
languagenone

...

set addressContext default intercept

...

nodeNumber

...

Note

Mediation server’s ipInterfaceGroup must be different from other signaling ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards Mediation Server.

...

7788

Include Page
CDC_Configured_through_EMS
CDC_Configured_through_EMS

Configuring IPsec for Signaling and Media Interception

As the admin user, use the following commands to configure the IPsec.

Info
titleNote

  • This configuration is mandatory only when you must send the intercepted traffic over a secure connection between the

    Spacevars
    0product
    and the mediation server.

  • The SBC supports IPsec for media interception over UDP.
  • The SPD entry must create the following entries:

    • localIdentity ipAddress – The SBC interface group IP associated with the LI CDC.

    • remoteIdentity ipAddress – The mediation server IP configured in the LI CDC.

  • The recommended setting for LI IPsec mode is transport.

Info
titleInfo

For more information about IPsec configuration, refer to IP Security - CLI.

Code Block
### create and configure IKE and IPsec protection profiles
   
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
  
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
  
### create IKE peer
  
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr

For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.

Code Block
languagenone
% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint
commit

...

Code Block
languagenone
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress 10.54.78.20 portNumber 65120
commit
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp state enabled mode inService
commit 

...

languagenone

...

 ipAddress 10.54.78.20

...


set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
  
### create an SPD rule for this IKE peer
  
set addressContext default ipsec spd PRGGSX2_SPD state enabled

...

precedence

...

languagenone

...

1001
set addressContext default ipsec

...

spd

...

PRGGSX2_SPD

...

localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.

...

20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 0
set addressContext default

...

Note

The protocolType "udp" is not supported for Signaling interception in this release.

...

Code Block
languagenone
% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
Note

The rtcpInterception parameter is visible, when interceptStandard and vendorId is configured as IMS LI

...

The parameter liPolDipForRegdOodMsg when enabled is used to indicate SBC to send policy request to PSX for registered Out-Of-Dialog requests(messages) to be intercepted. When this parameter is disabled, policy request is not sent to PSX for registered Out-Of-Dialog requests (messages).

Enable the support for Policy dip, for registered users out-of-dialog messages, to decide on interception, by executing the command

...

languagenone

...

 ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
  
### enable IPsec on the IP interface group
  
set addressContext default

...

ipInterfaceGroup LIG1 enabled
Info
title
Note

The liPolDipForRegdOodMsg  parameter is visible, when interceptStandard and vendorId is configured as IMS LI.

...

Note

The SBC supports IMS LI for PS-to-PS handover scenarios. This support does not impact the IMS routing.

Viewing IMS LI Configuration

Enter the show commands to view the configurations.

Anchor
Viewing the Intercept Details
Viewing the Intercept Details
Viewing the Intercept Details

...

Use the following command to view the intercept details

...

.

Code Block
languagenone

...

show status addressContext default intercept callDataChannel
callDataChannel CDC {
    mediationServerMediaStatus MS1 {
        tcpChannelstatus

...

inService;
        tcpPacketsSent   0;
        tcpPacketsLost   0;
        udpPacketsSent   0;
        udpPacketsLost   0;
    }
    mediationServerSignalingStatus MS1 {
        tcpChannelStatus

...

inService;
        DSRSuccess       0;
        DSRFailures      0;
    }
}
[ok]

Anchor
Viewing the CDC Configuration
Viewing the CDC Configuration
Viewing the CDC Configuration

...

Use the following command to view the CDC configuration

...

.

Code Block
languagenone

...

show addressContext default intercept
nodeNumber 7788;
callDataChannel CDC {
    dsrProtocolVersion    0;
	interceptStandard

...

etsi;
    vendorId

...

verint;
    ipInterfaceGroupName  LIG1;
    liPolDipForRegdOodMsg enabled;
    rtcpInterception      enabled;
    mediaIpInterfaceGroupName LIG1;
    mediationServer MS1 {
        signaling {
            ipAddress    10.

...

54.

...

78.

...

20;
            portNumber

...

   65300;
            protocolType tcp;
            mode         inService;
            state        enabled;
        }
        media {
            tcp {
                ipAddress  10.

...

54.

...

78.

...

20;
                portNumber

...

65120;
                mode       inService;
                state      enabled;
            }
            udp {
                ipAddress  10.

...

54.

...

78.

...

20;
                portNumber

...

65200;
                mode       inService;
                state      enabled;
            }
        }
    }
}
[ok]

...

 

Pagebreak