03-29-2023 08:43 PM - edited 03-29-2023 08:54 PM
This is probably an easy one to answer but I’ve tried finding something authoritative on the traffic encryption particulars on Expressway C and E in MRA configuration. A quick glance revealed some info but now I can’t seem to find it again to reference. So, in the port diagrams it showed a wide port range for RTP, one side ephemeral I guess, and then double NATs if I remember right. But the Cisco port map diagram for MRA shows just RTP and not SRTP. The encryption setting in Expressway can be set so that it encrypts traffic, so I’m curious if this simply enables SRTP or not? If not, how or what is this encryption mechanism? It can be encrypted so that starting at E and onto public traffic is encrypted? I remember that securing the Expressway backend is also an option from C.
Been a bit since I’ve tinkered in Expressway. Would be nice to know I’m not off the mark here.
03-29-2023 11:25 PM
I haven't read your full post but:
Between the external client and EXP-E is encrypted (SIP/TLS and sRTP), the same between EXP-E and EXP-C per default.
Between EXP-C and internal, it is unencrypted SIP and RTP per default.
And no, there is no double NAT.
03-30-2023 11:36 AM
Thanks for the input and you answered my primary question concerning encryption!
You're right, it isn't double NATing, but I have to ask another question now. So the below traffic path I enumerated seems like it's some kind of port mapping? Makes me think it's some kind of underlying nature of the zone traversal mechanism?
I highlighted just the RTP below, though it's probably a broader question here.
03-31-2023 08:53 AM
It's not a classical port mapping between your point 1 to 2 and 3 to 4.
The Expressway just receives the traffic on one end (using the defined port range for receive and transmit) and forwards it internally to the other end (using another defined port range for receive and transmit).
It's like in a router when a packet traverses the back plane between the receiving interface and sending interface.
05-21-2024 11:36 AM
b.winter. Good afternoon, can you point me to any official documentation that discusses the encryption and/or lack thereof that you referenced in your response? I'm having a similar situation in that I've been asked to document where signalling and media are or are not encrypted, but I need to be able to list references.