<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Unfortunately I don’t manage the CUCM environment. Based on what I’ve read so far, CUCM SIP Trunks technically only support SRTP or RTP, but not both, in a SIP Invite. If both are present in the SIP Invite then CUCM only selects the first one in the list as opposed to choosing a preferred type. Doing it this way breaks the RFC which is my big pain point. The vendor for the equipment sending the invite isn’t going to change their spec and completely break the RFC to accommodate Cisco’s way of supporting SRTP. There are ways around this using the vendor’s equipment, but I was hoping that perhaps there is a way this can be accommodated within CUCM. <div><br><div><div>On May 30, 2014, at 12:20 PM, Brian Meade <<a href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Can you send a CallManager SDI/SDL trace for one of these calls?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 30, 2014 at 12:14 PM, Mark Holloway <span dir="ltr"><<a href="mailto:mh@markholloway.com" target="_blank">mh@markholloway.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Yep, it’s TLS. Certificates are loaded.<div><div class="h5"><div><br></div><div><br>
<div><div>On May 30, 2014, at 11:48 AM, Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr">Mark,<div><br></div><div>Is the device actually using TLS for the signaling? I don't think CUCM will let you use SRTP if the signaling channel isn't encrypted.</div>
<div><br></div><div>Brian</div></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 30, 2014 at 11:41 AM, Mark Holloway <span dir="ltr"><<a href="mailto:mh@markholloway.com" target="_blank">mh@markholloway.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I’ve got a non-Cisco SIP device sending SIP Invites to CUCM (SIP Trunk). The SDP from my device includes RTP and sRTP in the SIP Invite. Reading Cisco docs it looks like the way Cisco expects sRTP to work is the SIP Invite should only include sRTP assuming if the call should be encrypted. If both RTP and sRTP are in the SDP, CUCM will always choose the first one in the list rather than the preferred type (sRTP in this example). In my case RTP is being listed first then sRTP, therefore CUCM will never choose sRTP even though that is what I prefer.<br>
<br>
Has anyone encountered this before and is there a way around it?<br>
<br>
Thanks,<br>
Mark<br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div><br></div>
</blockquote></div><br></div></div></div></div></blockquote></div><br></div>
</blockquote></div><br></div></body></html>