I am trying to figure out how to configure SRTP on my SIP dial-peers. Here is my configuration. I have SCCP phones off of each CME box. I only want to run SRTP between the 2 sites.

voice service voip
 srtp
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 h323
  emptycapability
 sip
  bind control source-interface Vlan20
  bind media source-interface Vlan20
  subscription maximum accept 5
  registrar server expires max 600 min 60
  srtp negotiate cisco
dial-peer voice 200 voip
 destination-pattern 4....
 session protocol sipv2
 session target ipv4:192.168.10.2
 codec g711ulaw

There is a similar configuration on the other box with a dial-peer pointing back to this one. If I turn on SRTP fallback, I get RTP traffic between the two sites. With just SRTP turned on, the call fails due to Status 488 Not Acceptable Media. Do I need to set up crypto keys at each site and somehow authenticate the boxes to each other?