Biamp Cornerstone

Disabling SRTP to a Media Gateway in Lync

Biamp Tesira VoIP-enabled products support Secure Real-Time Transport Protocol (SRTP) connections when possible. This is a default connection method in Lync systems. However, in some circumstances a Media Gateway on the network does not support SRTP, yet the negotiation between Lync, the Tesira VoIP endpoint, and the Gateway still ends up attempting an SRTP exchange. If this is the case, it may be necessary to disable SRTP negotiation to the gateway itself. This document details that process.

Setting the Global Lync Settings

By default, Lync requires SRTP to be used in all connections. This requirement must be removed before SRTP can be disabled for any specific connection. Note that these steps set the global setting to optional; they do not lift the SRTP requirement globally. Once the global SRTP setting is changed to optional, each individual option will need to be set.


  1. Open the Lync Server Management Shell. Note that there may be other options for configuring Lync via CLI, but in order to ensure these settings are accepted, this Lync Shell MUST be used.
  2. Type the following command at the prompt:

Get-CsMediaConfiguration

  3. Hit Enter and take note of the Encryption Level. The default Lync setting will be to require encryption.
  4. Enter the following command at the prompt to set the SRTP encryption to optional:

Set-CsMediaConfiguration -EncryptionLevel SupportEncryption

  5. Hit Enter.
  6. Confirm that the settings have changed by re-entering the Get command found in Step 2. Encryption level should now read "SupportEncryption".


Setting SRTP Requirements at a Specific Gateway

Now that SRTP is set to be optional globally, SRTP support for individual devices can be set. Here we will disable SRTP to a specific gateway. Note that other connections within the Lync system may still require SRTP, but all connections to the selected Gateway will be set up to not support SRTP. In most cases, this is considered acceptable as the Gateway is connecting to unsecured PSTN lines.

  1. In the Lync Control Panel, select Voice Routing and choose the Trunk Configuration tab.
  2. Select the Gateway that will have SRTP disabled.
  3. Under the Encryption Support Level, choose Not Supported.
  4. Click OK.
  5. Select the Commit pull-down menu.
  6. Commit the change.
  7. Confirm that the settings have taken effect by opening the Lync Server Management Shell and typing the following command:

Get-CsTrunkConfiguration

  8. Locate the Identity of the Gateway on which the modification was done and confirm that the SRTP Mode shows NotSupported.
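
The two verification steps above can be combined into a single read-only check, shown here as an added example that is not part of the original Biamp article. $ExpectedTrunk is a placeholder for the Identity that Get-CsTrunkConfiguration reports for the gateway; the script changes nothing and warns if any other trunk also has SRTP disabled.

```powershell
# Added example: read-only audit of the SRTP settings described above.
# Run it in the Lync Server Management Shell.
# Placeholder: replace with the Identity shown by Get-CsTrunkConfiguration.
$ExpectedTrunk = '<Identity of the gateway trunk configuration>'

# 1. Global media configuration: the page sets this to SupportEncryption.
$media = Get-CsMediaConfiguration -Identity Global
Write-Output "Global EncryptionLevel: $($media.EncryptionLevel)"
if ("$($media.EncryptionLevel)" -ne 'SupportEncryption') {
    Write-Warning 'Global EncryptionLevel is not SupportEncryption.'
}

# 2. Trunk configurations: only the intended gateway should be NotSupported.
$found = $false
foreach ($trunk in Get-CsTrunkConfiguration) {
    $id   = "$($trunk.Identity)"
    $mode = "$($trunk.SRTPMode)"
    Write-Output ("{0,-50} SRTPMode={1}" -f $id, $mode)

    if ($id -eq $ExpectedTrunk) {
        $found = $true
        if ($mode -ne 'NotSupported') {
            Write-Warning "$id is the selected gateway but SRTPMode is $mode."
        }
    }
    elseif ($mode -eq 'NotSupported') {
        # SRTP is off on a trunk that was not meant to be changed.
        Write-Warning "$id has SRTP disabled but is not the selected gateway."
    }
}

if (-not $found) {
    Write-Warning "No trunk configuration with Identity '$ExpectedTrunk' was found."
}
```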


Re-register the VoIP card

It is necessary to force the VoIP card to re-register with the system after making the above changes. This can be accomplished simply by unplugging the network connection to the VoIP port on the back of the Tesira, waiting 5 seconds, then plugging the cable back in.