In this section:
To configure Call Data Channel (CDC):
As user ''Calea'', use the following commands to configure LI:
set addressContext default intercept nodeNumber 7788
To create CDC, refer to the section Configuring SBC For Lawful Interception.
set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1 commit
Mediation server’s ipInterfaceGroup
must be different from other signaling ipInterface
groups. This ensures that LI doesn't use signaling ipAddress
to send intercepted traffic (media/signaling) towards Mediation Server.
For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.
set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediaIpInterfaceGroupName LIG1 commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress 10.54.78.20 portNumber 65120 commit set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp state enabled mode inService commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.54.78.20 portNumber 65200 commit set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress 10.54.78.20 portNumber 65300 protocolType tcp commit set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling state enabled mode inService commit
The protocolType
"udp
" is not supported for Signaling interception in this release.
set addressContext default intercept callDataChannel CDC rtcpInterception enabled commit
The rtcpInterception
parameter is visible, when interceptStandard
and vendorId
is configured as IMS LI.
The parameter liPolDipForRegdOodMsg
when enabled is used to indicate SBC to send policy request to PSX for registered Out-Of-Dialog requests(messages) to be intercepted. When this parameter is disabled, policy request is not sent to PSX for registered Out-Of-Dialog requests (messages).
Enable the support for Policy dip, for registered users out-of-dialog messages, to decide on interception, by executing the command
set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsg enabled commit
The liPolDipForRegdOodMsg
parameter is visible, when interceptStandard
and vendorId
is configured as IMS LI.
As user ''Admin'', use the following commands to configure IPsec:
localIdentity ipAddress – The SBC Interface Group IP associated with the LI CDC.
remoteIdentity ipAddress – The Mediation Server IP configured in the LI CDC.
The Recommended setting for LI IPsec mode is 'transport'.
For more information on IPsec configuration, refer to the section IP Security - CLI.
### create and configure IKE and IPsec protection profiles set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800 set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5 set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800 set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5 set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd ### create IKE peer set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161 set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20 set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF ### create an SPD rule for this IKE peer set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001 set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32 set addressContext default ipsec spd PRGGSX2_SPD action protect set addressContext default ipsec spd PRGGSX2_SPD protocol 0 set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF set addressContext default ipsec spd PRGGSX2_SPD mode transport set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2 ### enable IPsec on the IP interface group set addressContext default ipInterfaceGroup LIG1 enabled
Enter the show commands to view the configurations.
To view the intercept details, execute the following command:
show status addressContext default intercept callDataChannel callDataChannel CDC { mediationServerMediaStatus MS1 { tcpChannelstatus inService; tcpPacketsSent 0; tcpPacketsLost 0; udpPacketsSent 0; udpPacketsLost 0; } mediationServerSignalingStatus MS1 { tcpChannelStatus inService; DSRSuccess 0; DSRFailures 0; } } [ok]
To view the CDC configuration, execute the following command:
show addressContext default intercept nodeNumber 7788; callDataChannel CDC { interceptStandard etsi; vendorId verint; ipInterfaceGroupName LIG1; liPolDipForRegdOodMsg enabled; rtcpInterception enabled; mediaIpInterfaceGroupName IPIG; mediationServer MS1 { signaling { ipAddress 10.54.78.20; portNumber 65300; protocolType tcp; mode inService; state enabled; } media { tcp { ipAddress 10.54.78.20; portNumber 65120; mode inService; state enabled; } udp { ipAddress 10.54.78.20; portNumber 65200; mode inService; state enabled; } } } } [ok]