You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Configuring the Call Data Channel

To configure Call Data Channel (CDC):

Configuring the Node Number

As user ''Calea'', use the following commands to configure LI:

set addressContext default intercept nodeNumber 7788

Note
  • If the CDC is configured through the EMS, the node number is configured automatically by the EMS.
  • If the CDC is configured through the SBC, the node number must be configured along with the CDC on the SBC.

Configuring CDC with IP Interface Group

Note

To create CDC, refer to the section Configuring SBC For Lawful Interception.

set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1
commit
Note

Mediation server’s ipInterfaceGroup must be different from other signaling ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards Mediation Server.

Configuring CDC for Intercept Flavor as IMS LI

For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.

set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediaIpInterfaceGroupName LIG1 
commit

Configuring CDC for Media Interception Over TCP

set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress 10.54.78.20 portNumber 65120 
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp state enabled mode inService
commit 

Configuring CDC for Media Interception Over UDP

set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp ipAddress 10.54.78.20 portNumber 65200
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 media udp state enabled mode inService
commit 

Configuring CDC for Signaling Interception

set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling ipAddress 10.54.78.20 portNumber 65300 protocolType tcp
commit
set addressContext default intercept callDataChannel CDC mediationServer MS1 signaling state enabled mode inService
commit
Note

The protocolType "udp" is not supported for Signaling interception in this release.

 

Configuring CDC for RTCP Interception

set addressContext default intercept callDataChannel CDC rtcpInterception enabled
commit
Note

The rtcpInterception parameter is visible, when interceptStandard and vendorId is configured as IMS LI.

Configuring CDC for "Li Pol Dip For Regd Ood Msg"

The parameter liPolDipForRegdOodMsg when enabled is used to indicate SBC to send policy request to PSX for registered Out-Of-Dialog requests(messages) to be intercepted. When this parameter is disabled, policy request is not sent to PSX for registered Out-Of-Dialog requests (messages).

Enable the support for Policy dip, for registered users out-of-dialog messages, to decide on interception, by executing the command

set addressContext default intercept callDataChannel CDC liPolDipForRegdOodMsg enabled
commit
Note

The liPolDipForRegdOodMsg  parameter is visible, when interceptStandard and vendorId is configured as IMS LI.

Configuring the SBC Core IPsec

As user ''Admin'', use the following commands to configure IPsec:

Note
  •  This optional configuration is needed if secure connection is required between the
    Unable to show "metadata-from": No such page "_space_variables"
    and the Mediation Server.  
  • The SBC does not support IPsec for media interception over UDP.
  • The SPD entry is required to create the following entries:
    • localIdentity ipAddress – The SBC Interface Group IP associated with the LI CDC.

    • remoteIdentity ipAddress – The Mediation Server IP configured in the LI CDC.

  • The Recommended setting for LI IPsec mode is 'transport'.

Info

For more information on IPsec configuration, refer to the section IP Security - CLI.

### create and configure IKE and IPsec protection profiles
   
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,_3DesCbc
  
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integrity hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
  
### create IKE peer
  
set addressContext default ipsec peer PRGGSX2 ipAddress 10.54.78.20 preSharedKey 00000000000000000000000000000000 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.54.78.20
set addressContext default ipsec peer PRGGSX2 protocol ikev1 protectionProfile PRGGSX2_IKE_PROT_PROF
  
### create an SPD rule for this IKE peer
  
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.54.78.20 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 0
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
  
### enable IPsec on the IP interface group
  
set addressContext default ipInterfaceGroup LIG1 enabled

 

Viewing IMS LI Configuration

Enter the show commands to view the configurations.

Viewing the Intercept Details

To view the intercept details, execute the following command:

show status addressContext default intercept callDataChannel
callDataChannel CDC {
    mediationServerMediaStatus MS1 {
        tcpChannelstatus inService;
        tcpPacketsSent   0;
        tcpPacketsLost   0;
        udpPacketsSent   0;
        udpPacketsLost   0;
    }
    mediationServerSignalingStatus MS1 {
        tcpChannelStatus inService;
        DSRSuccess       0;
        DSRFailures      0;
    }
}
[ok]

Viewing the CDC Configuration

To view the CDC configuration, execute the following command:

show addressContext default intercept
nodeNumber 7788;
callDataChannel CDC {
    interceptStandard     etsi;
    vendorId              verint;
    ipInterfaceGroupName  LIG1;
    liPolDipForRegdOodMsg enabled;
    rtcpInterception      enabled;
    mediaIpInterfaceGroupName IPIG;
    mediationServer MS1 {
        signaling {
            ipAddress    10.54.78.20;
            portNumber   65300;
            protocolType tcp;
            mode         inService;
            state        enabled;
        }
        media {
            tcp {
                ipAddress  10.54.78.20;
                portNumber 65120;
                mode       inService;
                state      enabled;
            }
            udp {
                ipAddress  10.54.78.20;
                portNumber 65200;
                mode       inService;
                state      enabled;
            }
        }
    }
}
[ok]

 

  • No labels