Disabling SRTP to a Media Gateway in Lync
Biamp Tesira VoIP-enabled products support Secure Real-Time Transport Protocol (SRTP) connections when possible. This is a default connection method in Lync systems. However, in some circumstances you may find that a Media Gateway on a network does not support the use of SRTP, but the negotiation between Lync, the Tesira VoIP endpoint, and the Gateway ends up attempting an SRTP exchange. If this is the case, it may be necessary to disable SRTP negotiation to the gateway itself. This document details this process.
Setting the Global Lync Settings
By default, Lync will require SRTP to be used in all connections. This requirement must be removed before SRTP can be disabled in any specific connection. Note that the result of these steps is to set the global setting as optional, but that does not mean that the SRTP requirement has been lifted globally. Once the global SRTP setting is changed to optional, each individual option will need to be set.
- Open the Lync Server Management Shell. Note that there may be other options for configuring Lync via CLI, but in order to ensure these settings are accepted, this Lync Shell MUST be used.
- Type the following command at the prompt:
Get-CSMediaConfiguration
- Hit Enter and take note of the Encryption Level. The default Lync setting will be to require encryption.
- Enter the following command at the prompt to set the SRTP encryption to optional:
Set-CsMediaConfiguration -EncryptionLevel SupportEncryption
- Hit Enter.
- Confirm that the settings have changed by re-entering the Get command found in Step 2. The encryption level should now read "SupportEncryption".
Setting SRTP Requirements at a Specific Gateway
Now that SRTP is set to be optional globally, SRTP support for individual devices can be set. Here we will disable SRTP to a specific gateway. Note that other connections within the Lync system may still require SRTP, but all connections to the selected Gateway will be set up to not support SRTP. In most cases, this is considered acceptable as the Gateway is connecting to unsecured PSTN lines.
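After both changes, it is worth confirming that SRTP has been relaxed only where intended. The following is an added example, not Biamp or Microsoft code: it reports every media or trunk configuration that no longer requires SRTP and marks whether each one was expected. It assumes the per-gateway setting is exposed as the SRTPMode property returned by Get-CsTrunkConfiguration (a Lync cmdlet not mentioned on this page); the function name and all sample identities are constructed.

```powershell
# Added example: report where SRTP is no longer required (hypothetical helper name).
function Get-SrtpRelaxation {
    param(
        [Parameter(Mandatory)] [object[]] $MediaConfig,  # objects from Get-CsMediaConfiguration
        [Parameter(Mandatory)] [object[]] $TrunkConfig,  # objects from Get-CsTrunkConfiguration
        [string[]] $ExpectedPlainTrunk = @()             # trunks allowed to run without SRTP
    )
    foreach ($m in $MediaConfig) {
        $level = "$($m.EncryptionLevel)"
        if ($level -ne 'RequireEncryption') {
            [pscustomobject]@{
                Scope    = "Media:$($m.Identity)"
                Setting  = "EncryptionLevel=$level"
                # SupportEncryption is the value this procedure sets; anything weaker is unexpected.
                Expected = ($level -eq 'SupportEncryption')
            }
        }
    }
    foreach ($t in $TrunkConfig) {
        $mode = "$($t.SRTPMode)"
        if ($mode -ne 'Required') {
            [pscustomobject]@{
                Scope    = "Trunk:$($t.Identity)"
                Setting  = "SRTPMode=$mode"
                # Only the gateway trunk(s) named by the administrator should appear here.
                Expected = ($ExpectedPlainTrunk -contains "$($t.Identity)")
            }
        }
    }
}

# Constructed sample data so the script runs outside a Lync deployment.
$media = @([pscustomobject]@{ Identity = 'Global'; EncryptionLevel = 'SupportEncryption' })
$trunks = @(
    [pscustomobject]@{ Identity = 'Service:PstnGateway:gw1.example.test'; SRTPMode = 'NotSupported' }
    [pscustomobject]@{ Identity = 'Service:PstnGateway:gw2.example.test'; SRTPMode = 'Required' }
    [pscustomobject]@{ Identity = 'Site:Branch'; SRTPMode = 'Optional' }
)

Get-SrtpRelaxation -MediaConfig $media -TrunkConfig $trunks `
    -ExpectedPlainTrunk 'Service:PstnGateway:gw1.example.test' |
    Sort-Object Expected | Format-Table -AutoSize

# In the Lync Server Management Shell, pass live data instead of the samples:
#   Get-SrtpRelaxation -MediaConfig (Get-CsMediaConfiguration) `
#       -TrunkConfig (Get-CsTrunkConfiguration) -ExpectedPlainTrunk '<gateway trunk identity>'
```

Rows with Expected set to False are places where media may go unencrypted without having been planned for; in the sample data that is the constructed Site:Branch trunk.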
Re-register the VoIP card
It is necessary to force the VoIP card to re-register with the system after making the above changes. This can be accomplished simply by unplugging the network connection to the VoIP port on the back of the Tesira, waiting 5 seconds, then plugging the cable back in.