The media gateway creates a security loophole: it does not support
master key identifiers (MKIs), TLS, or SRTP, so you should not trust it. The
two NICs in the Mediation Server create a separation between the two networks, with one
NIC accepting traffic from the internal network and the other accepting traffic from the media
gateway. (In the exercises in this chapter, we will configure each card with a separate listening
address so that there is a separation between trusted and untrusted network traffic.) The internal
edge port defaults to 5061 and the external edge port defaults to 5060.
When you install the Mediation Server role using the Deployment Wizard, it will detect both
network cards and will write their addresses to the OCS listening IP addresses and to the gateway
listening address. You will find both on the General tab of the Mediation Server properties.

Chapter 6: Configuring the Mediation Server (page 180)

The media bandwidth for the basic gateway is 64,000 bps for each concurrent call. If you
multiply the number of ports by this number, you will get an estimate of the required bandwidth
on the gateway side of the Mediation Server. The default port range is 60,000–64,000, which
enables the server to handle up to 1,000 simultaneous voice calls.
Encryption is used for traffic flowing in both directions between the OCS and the Mediation
Server. Traffic is encrypted using SRTP. If you have deployed IP Security (IPSec) for packet
security, you are encouraged to create an exception for the media port range, because IPSec
will slow down the media traffic.