cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1259
Views
0
Helpful
13
Replies
Highlighted
Beginner

SRTP on H323 gateway IOS v 15.1

Hi all,

I have a problem with SRTP command on cisco  Gateway with IOS 15.5, this version don't permit this command:

gw(config)# voice service voip

gw(config-voi-serv)#srtp

but cisco's documents report that this version support srtp command, is this a bug or this version doesn't support it ?

Any help will be appreciated,

Thanks,

B.R.

13 REPLIES 13
Highlighted
Beginner

SUMMARY STEPS

    1. enable

    2. configure terminal

    3. dial-peer voice tag voip

    4. destination-pattern string

    5. session protocol sipv2

    6. session target ipv4: destination-address

    7. incoming called-number string

    8. codec codec

    9. end

    10. dial-peer voice tag voip

    11. Repeat Steps 4, 5, 6, and 7 to configure a second dial peer.

    12. srtp

    13. codec codec

    14. exit

please refer:

http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/asr1000/voi-srtp-rtp-int.html

Highlighted

Thank you Babu,

We don't use "session protocol sipv2" in dial-peer and when we try srtp command we get: % Unrecognized command

B.R.

Highlighted

What is the exact version you are using on your GW ?

Mr. Veera has explained you the way to enable srtp per dial peer basis.. it does not matter if it is sip or h323..

You can try it..

Cheers !

Piyush

Highlighted

Hi B.R.,

Can u share the show version and show license feature output from your router?

Also, share licnese detail.

you need to have Universal image with security license PAK for srtp on ISR G2 router to work.For ISR series , u need to have Advanced Enterprise services image.

regds,

aman

Highlighted

Hi all,

This is the version of the IOS:

GW#sh version

Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 19-Jul-10 03:07 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

GW uptime is 5 days, 20 hours, 43 minutes

System returned to ROM by reload at 12:50:09 UTC Tue Sep 10 2013

System restarted at 12:51:38 UTC Tue Sep 10 2013

System image file is "flash0:c2951-universalk9_npe-mz.SPA.151-1.T1.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO2951/K9 (revision 1.1) with 483328K/40960K bytes of memory.

Processor board ID FCZ144421G9

3 Gigabit Ethernet interfaces

2 ISDN Basic Rate interfaces

4 Voice FXO interfaces

DRAM configuration is 72 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2951/K9          FCZ144421G9    

Technology Package License Information for Module:'c2951'

----------------------------------------------------------------

Technology    Technology-package          Technology-package

              Current       Type          Next reboot 

-----------------------------------------------------------------

ipbase        ipbasek9      Permanent     ipbasek9

security      securityk9_npeEvaluation    securityk9_npe

uc            uck9          Permanent     uck9

data          None          None          None

Highlighted

HI Aziz,

I think  u need to have UniversalK9 image which supports secure unified communications.

You are using npe [no payload encryption] image which does not support.

Can u try downloading the image and generate eval license , test whether the srtp command is coming or not?

regds,

aman

Highlighted

Hi B.R.,

Any updates ?

regds,

aman

Highlighted

Hi,

Thank you for your interest, well my colleague said that they tried C2951-UNIVERSALK9 image first and the srtp command didn't work, then they installed securityk9_npe evaluation license and also it didn't work.

I can't find a cisco document that explain the prerequists of this configuration !!

BR

Highlighted

Highlighted

Hi All,

We tested the UniversalK9 image and it also doesn't work !!

BR,

Aziz

Highlighted

Hi Aziz,

Can u share the show version and show licnese feature/detail  output from router ?

regds,

aman

Highlighted

Hi Aman,

this is the show commands :

GW#sh vers

Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 19-Jul-10 03:07 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

GW uptime is 2 weeks, 6 days, 20 hours, 50 minutes

System returned to ROM by reload at 12:50:09 UTC Tue Sep 10 2013

System restarted at 12:51:38 UTC Tue Sep 10 2013

System image file is "flash0:c2951-universalk9_npe-mz.SPA.151-1.T1.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO2951/K9 (revision 1.1) with 483328K/40960K bytes of memory.

Processor board ID FCZ144421G9

3 Gigabit Ethernet interfaces

2 ISDN Basic Rate interfaces

4 Voice FXO interfaces

DRAM configuration is 72 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2951/K9          FCZ144421G9    

Technology Package License Information for Module:'c2951'

----------------------------------------------------------------

Technology    Technology-package          Technology-package

              Current       Type          Next reboot 

-----------------------------------------------------------------

ipbase        ipbasek9      Permanent     ipbasek9

security      securityk9_npeEvaluation    securityk9_npe

uc            uck9          Permanent     uck9

data          None          None          None

Configuration register is 0x2102

GW#sh license feature

Feature name             Enforcement  Evaluation  Subscription   Enabled

ipbasek9                 no           no          no             yes 

securityk9_npe           yes          yes         no             yes 

uck9                     yes          yes         no             yes 

datak9                   yes          yes         no             no  

gatekeeper               yes          yes         no             no  

LI                       yes          no          no             no  

ios-ips-update           yes          no          yes            no  

SNASw                    yes          yes         no             no  

GW#sh license detail

Index: 1        Feature: SNASw                             Version: 1.0

        License Type: Evaluation

        License State: Active, Not in Use, EULA not accepted

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 8  weeks 4  days

        License Count: Non-Counted

        License Priority: None

        Store Index: 4

        Store Name: Evaluation License Storage

Index: 2        Feature: datak9                            Version: 1.0

        License Type: Evaluation

        License State: Active, Not in Use, EULA not accepted

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 8  weeks 4  days

        License Count: Non-Counted

        License Priority: None

        Store Index: 2

        Store Name: Evaluation License Storage

Index: 3        Feature: gatekeeper                        Version: 1.0

        License Type: Evaluation

        License State: Active, Not in Use, EULA not accepted

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 8  weeks 4  days

        License Count: Non-Counted

        License Priority: None

        Store Index: 3

        Store Name: Evaluation License Storage

Index: 4        Feature: ipbasek9                          Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: Non-Counted

        License Priority: Medium

        Store Index: 0

        Store Name: Primary License Storage

Index: 5        Feature: securityk9                        Version: 1.0

        License Type: Evaluation

        License State: Active, Not in Use, EULA accepted

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 8  weeks 4  days

        License Count: Non-Counted

        License Priority: Low

        Store Index: 2

        Store Name: Primary License Storage

Index: 6        Feature: securityk9_npe                    Version: 1.0

        License Type: Evaluation

        License State: Active, In Use

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 5  weeks 4  days

            Expiry date: Nov 09 2013 12:31:08

        License Count: Non-Counted

        License Priority: Low

        Store Index: 0

        Store Name: Evaluation License Storage

Index: 7        Feature: uck9                              Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: Non-Counted

        License Priority: Medium

        Store Index: 1

        Store Name: Primary License Storage

Index: 8        Feature: uck9                              Version: 1.0

        License Type: Evaluation

        License State: Inactive

            Evaluation total period: 8  weeks 4  days

            Evaluation period left: 8  weeks 4  days

        License Count: Non-Counted

        License Priority: None

        Store Index: 1

        Store Name: Evaluation License Storage

Highlighted

Hi Aziz,

show version still shows npe image.

you need to have image univerasalk9 without npe.

regds,

aman

Content for Community-Ad