Virtual Office SRTP Service (Secure Real-time Transmission Protocol) encrypts telephone call media on Polycom handsets and Virtual Office desktop and mobile clients*, and de-encrypts the call at the session border controller (SBC) on 8x8's network.
For SRTP encryption to fully function, both parties on an SRTP-encrypted call must use 8x8 VO SRTP and one of the following:
- Polycom VVX handset
- Polycom Soundpoint IP
- Yealink handset
- Cisco 7x and 8x Series handset
- Panasonic DECT wireless handset
- 8x8 softphone clients
IETF Standard (RFC 3711) which ensures Encryption, Authentication, and Integrity.
8x8 SRTP meets Federal FISMA 140-2 standards.
Common Causes of Registration Issues
When registration is established between a SRTP enabled device and the proxy, a TCP connection is established between the endpoint and server. Since TCP is a connection oriented protocol, if this connection is severed the device will lose registration. The TCP connection needs to maintain a connection with the registration server, whereas the devices using UDP registration (devices with SRTP disabled) do not.
This is most commonly identified when devices route intermittently between 2 data centers and can be identified in the Network Utility under the DNS testing for geo-routing.
Polycom firmware has been identified as an issue that can cause registration issues with SIP over TLS enabled. It is recommended to update the firmware to 18.104.22.16856 to mitigate this issue. Registration issues may still occur on this firmware version, however the registration issues are far less frequent than in previous firmware versions.
The TCP Socket has been reset or closed
SIP over TLS uses TCP traffic for registration. If the TCP socket the device is communicating over has been reset or closed, the device will lose registration. Modifying the TCP Time Out and TCP Close Wait options where applicable on the firewall is recommended to mitigate this potential issue
Identifying SRTP Enabled lines in Configuration Manager
- Navigate to a user extension inside of Configuration Manager
- Click "Voice basic settings" on the left sidebar
- The "Enable Secure Real-time Protocol" will be blue if the setting is enabled
Line Unreigstered displays on the Polycom phones intermittently with SRTP enabled
- Verify firewall settings.
- TCP Time out and TCP Close Wait options need to be set to 300 if applicable in the firewall
- Set the 8x8 GTM on the phones or the phone VLAN. Do not set the GTM on the data network
- GTM 1: 22.214.171.124
- GTM 2: 126.96.36.199
- Update device firmware to 188.8.131.5256 with, this can be done by Contacting 8x8 Support
- If the issue persists, disable SRTP on all phones
8x8 does not recommend using Google DNS on the phone network.