We are currently deploying the IP Viper sets on our Avaya CM which has software rel of 10.2, we can go secure internally with no problems between sets, using G711. When we make calls outside our network, mainly LD calls, the calls connect, but once you go secure it drops the call. I was told that this was a difference in codecs being used by different carriers, is this true, if so, how do you avoid this? we are using SIP trunks into our Avaya system, we were using PRI's but switched to SIP recently, and started having issues.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
vipers across LD networks
- Thread starter met1016
- Start date
Instructor of Avaya
Instructor
To the best of my knowledge, you CANNOT encrypt your calls to the PSTN.
First, the two parties to the phone call must be able to use the same encryption standard. Typically, that is AES (Advanced Encryption Standard) with 256 bits, but there are several choices of encryption standards. So, the first issue is how do the two parties agree to the encryption method. That is the role of the enhancement to the Session Description Protocol (SDP) known as Capability Negotiation (CapNeg). So, both endpoints must support CapNeg.
Next, to encrypt the RTP media traffic you SHOULD encrypt the SIP signaling traffic. AES is a symmetric encryption method, so the encryption/decryption key needs to be sent in the SIP signaling packets. It would be foolish to send that key in the clear text transport protocols of UDP or TCP. So, that requires using TLS for SIP and that in turn requires shared TLS certificates. That distribution of Certs with some random person out in the PSTN is a huge challenge.
Finally, the PSTN today is built using only SIP AND they only use UDP packets to carry SIP traffic. And TLS, by definition, cannot use UDP.
Encryption can work within your network because: You have distributed the certificates needed for TLS (BTW: CM does not use UDP for SIP; it only uses TCP or TLS). Next, within the IP Codec sets you have provided a limited and ranked set of Encryption standards for SRTP, and CM (not the endpoints) decide what encryption method will be used.
First, the two parties to the phone call must be able to use the same encryption standard. Typically, that is AES (Advanced Encryption Standard) with 256 bits, but there are several choices of encryption standards. So, the first issue is how do the two parties agree to the encryption method. That is the role of the enhancement to the Session Description Protocol (SDP) known as Capability Negotiation (CapNeg). So, both endpoints must support CapNeg.
Next, to encrypt the RTP media traffic you SHOULD encrypt the SIP signaling traffic. AES is a symmetric encryption method, so the encryption/decryption key needs to be sent in the SIP signaling packets. It would be foolish to send that key in the clear text transport protocols of UDP or TCP. So, that requires using TLS for SIP and that in turn requires shared TLS certificates. That distribution of Certs with some random person out in the PSTN is a huge challenge.
Finally, the PSTN today is built using only SIP AND they only use UDP packets to carry SIP traffic. And TLS, by definition, cannot use UDP.
Encryption can work within your network because: You have distributed the certificates needed for TLS (BTW: CM does not use UDP for SIP; it only uses TCP or TLS). Next, within the IP Codec sets you have provided a limited and ranked set of Encryption standards for SRTP, and CM (not the endpoints) decide what encryption method will be used.
I think you could try doing just plain G711 and not offer t38. AFAIK, the Viper phones do a V150.1 negotiation that is encapsulated within T38. I think you might be in a situation where t38 is offered by the carrier, and is transported end to end, but the media gateways in the PSTN between you and the destination don't support the V150.1 add-on to T38.
Or, you're getting converted from t38 to g711 in the PSTN and that might bug it up too.
A trace of the SDP being offered by the carrier might help, otherwise having a far end network region on the PSTN trunk that uses a G711 only codec set with no t38 would be the first thing I try. Jitter and packet loss might bug up the conversation, but i prefer PRIs for fax machines and you're putting Vipers on carrier SIP trunks. You are braver than I am!
Or, you're getting converted from t38 to g711 in the PSTN and that might bug it up too.
A trace of the SDP being offered by the carrier might help, otherwise having a far end network region on the PSTN trunk that uses a G711 only codec set with no t38 would be the first thing I try. Jitter and packet loss might bug up the conversation, but i prefer PRIs for fax machines and you're putting Vipers on carrier SIP trunks. You are braver than I am!
When the vIPer phone goes into secure mode the DSPs in your system think that it's a fax call when in reality it is a data (modem) call. vIPers have a soft modem built into them. So as @kyle555 states, if you offer T38 it will attempt to use it. What you need is a clear channel end to end. You should set up your codec set to use G711MU all the way to A1 on your SBC. This assumes your provider offers G.711MU (most do but you get contracted for when you bought your SIP trunks). On the codec set you use, Modem and Fax needs to be set to No on pg 2 and pg1 should only have G711MU, Encryption should be None (if you have media encryption enabled in customer options). Note that you will need to understand network-regions to accomplish this task. XoIP is ALWAYS a challenge so be prepared for LOTS of testing.
- Thread starter
- #5
Will not allowing T38 cause issues with faxing?
Similar threads
- Locked
- Question