09-13-2013 02:03 AM - edited 03-16-2019 07:21 PM
Hi all,
I have a problem with SRTP command on cisco Gateway with IOS 15.5, this version don't permit this command:
gw(config)# voice service voip
gw(config-voi-serv)#srtp
but cisco's documents report that this version support srtp command, is this a bug or this version doesn't support it ?
Any help will be appreciated,
Thanks,
B.R.
09-13-2013 04:12 AM
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. destination-pattern string
5. session protocol sipv2
6. session target ipv4: destination-address
7. incoming called-number string
8. codec codec
9. end
10. dial-peer voice tag voip
11. Repeat Steps 4, 5, 6, and 7 to configure a second dial peer.
12. srtp
13. codec codec
14. exit
please refer:
09-13-2013 04:31 AM
Thank you Babu,
We don't use "session protocol sipv2" in dial-peer and when we try srtp command we get: % Unrecognized command
B.R.
09-14-2013 02:03 PM
What is the exact version you are using on your GW ?
Mr. Veera has explained you the way to enable srtp per dial peer basis.. it does not matter if it is sip or h323..
You can try it..
Cheers !
Piyush
09-14-2013 09:20 PM
Hi B.R.,
Can u share the show version and show license feature output from your router?
Also, share licnese detail.
you need to have Universal image with security license PAK for srtp on ISR G2 router to work.For ISR series , u need to have Advanced Enterprise services image.
regds,
aman
09-16-2013 02:00 AM
Hi all,
This is the version of the IOS:
GW#sh version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 03:07 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)
GW uptime is 5 days, 20 hours, 43 minutes
System returned to ROM by reload at 12:50:09 UTC Tue Sep 10 2013
System restarted at 12:51:38 UTC Tue Sep 10 2013
System image file is "flash0:c2951-universalk9_npe-mz.SPA.151-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco CISCO2951/K9 (revision 1.1) with 483328K/40960K bytes of memory.
Processor board ID FCZ144421G9
3 Gigabit Ethernet interfaces
2 ISDN Basic Rate interfaces
4 Voice FXO interfaces
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2951/K9 FCZ144421G9
Technology Package License Information for Module:'c2951'
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9_npeEvaluation securityk9_npe
uc uck9 Permanent uck9
data None None None
09-16-2013 02:53 AM
HI Aziz,
I think u need to have UniversalK9 image which supports secure unified communications.
You are using npe [no payload encryption] image which does not support.
Can u try downloading the image and generate eval license , test whether the srtp command is coming or not?
regds,
aman
09-22-2013 08:02 PM
Hi B.R.,
Any updates ?
regds,
aman
09-23-2013 01:39 AM
Hi,
Thank you for your interest, well my colleague said that they tried C2951-UNIVERSALK9 image first and the srtp command didn't work, then they installed securityk9_npe evaluation license and also it didn't work.
I can't find a cisco document that explain the prerequists of this configuration !!
BR
09-23-2013 01:57 AM
Hi Aziz,
You can refer the DOC.
https://www.cisco.com/en/US/prod/collateral/routers/ps10536/qa_c67_606268.pdf
regds,
aman
10-01-2013 01:54 AM
Hi All,
We tested the UniversalK9 image and it also doesn't work !!
BR,
Aziz
10-01-2013 01:59 AM
Hi Aziz,
Can u share the show version and show licnese feature/detail output from router ?
regds,
aman
10-01-2013 02:10 AM
Hi Aman,
this is the show commands :
GW#sh vers
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 03:07 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)
GW uptime is 2 weeks, 6 days, 20 hours, 50 minutes
System returned to ROM by reload at 12:50:09 UTC Tue Sep 10 2013
System restarted at 12:51:38 UTC Tue Sep 10 2013
System image file is "flash0:c2951-universalk9_npe-mz.SPA.151-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco CISCO2951/K9 (revision 1.1) with 483328K/40960K bytes of memory.
Processor board ID FCZ144421G9
3 Gigabit Ethernet interfaces
2 ISDN Basic Rate interfaces
4 Voice FXO interfaces
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2951/K9 FCZ144421G9
Technology Package License Information for Module:'c2951'
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9_npeEvaluation securityk9_npe
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
GW#sh license feature
Feature name Enforcement Evaluation Subscription Enabled
ipbasek9 no no no yes
securityk9_npe yes yes no yes
uck9 yes yes no yes
datak9 yes yes no no
gatekeeper yes yes no no
LI yes no no no
ios-ips-update yes no yes no
SNASw yes yes no no
GW#sh license detail
Index: 1 Feature: SNASw Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: None
Store Index: 4
Store Name: Evaluation License Storage
Index: 2 Feature: datak9 Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: None
Store Index: 2
Store Name: Evaluation License Storage
Index: 3 Feature: gatekeeper Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: None
Store Index: 3
Store Name: Evaluation License Storage
Index: 4 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 0
Store Name: Primary License Storage
Index: 5 Feature: securityk9 Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: Low
Store Index: 2
Store Name: Primary License Storage
Index: 6 Feature: securityk9_npe Version: 1.0
License Type: Evaluation
License State: Active, In Use
Evaluation total period: 8 weeks 4 days
Evaluation period left: 5 weeks 4 days
Expiry date: Nov 09 2013 12:31:08
License Count: Non-Counted
License Priority: Low
Store Index: 0
Store Name: Evaluation License Storage
Index: 7 Feature: uck9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
Index: 8 Feature: uck9 Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: Non-Counted
License Priority: None
Store Index: 1
Store Name: Evaluation License Storage
10-01-2013 02:31 AM
Hi Aziz,
show version still shows npe image.
you need to have image univerasalk9 without npe.
regds,
aman
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: