03-09-2016 02:33 PM - edited 03-17-2019 06:10 AM
Greetings community,
Well, this is my first topic over here, so please be patient. I'm facing this scenario with the hope of a possible technical solution:
Requirements:
SIP trunk between 2 CUCM clusters (release 10.5.2 and release 9.1.2)
Signalling and Media Encryption
Option "MTP Required" since Enterprise Security division demands to keep voice networks segregated and allow only the traffic between CUCM nodes.
Actual Scenario:
SIP Trunks configured and working using "MTP required" and G.711alaw on both clusters.
SIP Trunks use their secure sip trunk profile and have SRTP flags checked on both clusters.
All CUCM nodes certificates exchanged and configured in SIP trunk security profile - The signalling is effectively encrypted as a traffic capture shows.
Once the call is in place, the media is not encrypted (no lock icon - no SRTP).
Trunks on both clusters use the MTPs defined in their MRGL-MRG (CUCM software MTPs only - I know that this kind of MTP only works with G.711 and has pass-through set to true).
Phones support encryption, clusters are in mixed mode, LSC installed on the phones and those have a security profile configured. In fact phones are able to place encrypted calls (lock icon) when used within their respective clusters.
I've read that the "MTP required" option doesn't support SRTP, because statically assigned MTPs don't support codec pass-through; anyway, in my case this is apparently a contradiction, since CUCM software MTPs support pass-through.
I've spent several hours trying to figure out this scenario with no success. Can anyone help me?
Thanks in advance and kind regards
03-09-2016 04:25 PM
You might need to stick a CUBE between the two clusters; they support SRTP, so you set up SRTP to flow through the CUBE. This way you don't need the "MTP required" parameter set.
Just a thought.
03-09-2016 09:57 PM
Hi there,
and thanks for the first reply, I already thought about that too...
The point is that, at least to test in the beginning, I wanted to try without buying at least 2 new routers with UC+Security feature licenses...
So, since apparently I should be able to make it also with just the CUCM clusters, I wanted to know what is missing in my configuration...