Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Media Encryption Policy


What resources are available to us distributors/partners on all the new features of X7.2 but mainly the new 'Media Encryption Policy' and how it works.  I have had several people asky why they need more ports open for media encryption.



Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

New Media Encryption Policy

Would ask for some briefing session, but I would guess thats not the right forum for it, talk to your contacts within Cisco.

Did you check out:

So sure, things enhance, so the easiest answer which will match: enhancements and the vendor sais so.

Should be enough :-p

The key words in that guide regards the MEP would be "Uses B2BUA functionality".

If I  interpret it, it is two different call- or at least media legs, doubling up the port usage for these calls.

If you have a customer with 5 traversal call licenses you would most likely not need to change it.

I think its a bit strange that Cisco changed it by default as this can easily break existing firewall configs,

I would have made an alert for systems which have licenses were you might reach that limit stating

"to utilize the full licenses with MEP, please change your port range to: *number* and fix it in your firewall, ..."

and sure the standard documentation (release notes, admin guide) are always a good source.

Please remember to rate helpful responses and identify

Cisco Employee

Re: New Media Encryption Policy

Media Encryption Policy call may use up to 32 ports per call (8 port per leg and 4 legs per traversal/B2BUA call).

B2BUA now support up to 100 calls (initially up to 50 calls which 2,400 ports range was enough) therefore needed to increase the port range.

Please note, this port range is configurable and able to re-configure back to original (same as X7.1 specification) port range, if customer doesn’t use Media Encryption Policy (or/and less than 60 calls that use B2BUA call feature).

The Media Encryption Policy secure the call over internet (traversal call) by forcing the encryption call and also have flexible secure call with old Endpoint which doesn’t support encryption (encrypt the call on one leg).

Also this feature help secure call when next WebEx integration become available (secure 2-way media connection over internet).

CreatePlease login to create content