Virtual Office SRTP Service (Secure Real-time Transmission Protocol) encrypts telephone call media on Polycom handsets and Virtual Office desktop and mobile clients*, and de-encrypts the call at the session border controller (SBC) on 8x8's network.
For SRTP encryption to fully function, both parties on an SRTP-encrypted call must use 8x8 VO SRTP and one of the following:
- Polycom VVX handset
- Polycom Soundpoint IP
- Yealink handset
- Cisco 7x and 8x Series handset
- Panasonic DECT wireless handset
- 8x8 softphone clients
IETF Standard (RFC 3711) which ensures Encryption, Authentication, and Integrity.
8x8 SRTP meets Federal FISMA 140-2 standards.
Common Causes of Registration Issues
When registration is established between an SRTP-enabled device and the proxy, a TCP connection is established between the endpoint and server. Since TCP is a connection oriented protocol, if this connection is severed the device will lose registration. The TCP connection needs to maintain a connection with the registration server, whereas the devices using UDP registration (devices with SRTP disabled) do not.
This is most commonly identified when devices route intermittently between two data centers and can be identified in the Network Utility under the DNS testing for geo-routing.
Polycom firmware has been identified as an issue that can cause registration issues with SIP over TLS enabled. It is recommended to update the firmware to 126.96.36.19956 to mitigate this issue. Registration issues may still occur on this firmware version, however the registration issues are far less frequent than in previous firmware versions.
TCP Socket Has Been Reset or Closed
SIP over TLS uses TCP traffic for registration. If the TCP socket the device is communicating over has been reset or closed, the device will lose registration. Modifying the TCP Time Out and TCP Close Wait options where applicable on the firewall is recommended to mitigate this potential issue
Identifying SRTP-Enabled Lines in Configuration Manager
- Navigate to a user extension inside of Configuration Manager.
- Click "Voice basic settings" on the left sidebar.
- The "Enable Secure Real-time Protocol" will be blue if the setting is enabled.
Line Unregistered displays on the Polycom phones intermittently with SRTP enabled.
- Polycom phones
- TCP Time out and TCP Close Wait options need to be set to 300 if applicable in the firewall.
- Set the 8x8 GTM on the phones or the phone VLAN. Do not set the GTM on the data network.
- GTM 1: 188.8.131.52
- GTM 2: 184.108.40.206
- Update device firmware to 220.127.116.1147 with, this can be done by creating a case with 8x8 Support.
- If the issue persists, disable SRTP on all phones.
8x8 does not recommend using Google DNS on the phone network.