• H.323 device generates the SRTP session keys and sends them to Cisco Unified Communication Manager
• This key exchange is not protected (that is, keys are sent in cleartext).
• IPSec should be used to protect key exchange

• Enable SRTP

• Enable SRTP with no fall back
• SRTP must be used
• Fallback to non secure is not allowed

dial-peer voice 2 voip
  incoming called-number 915125552001
  srtp

• Enable SRTP with fall back.
• Uses system fallback setting
• Can fall back to non secure mode

voice service voip
  srtp fallback
!
dial-peer voice 3 voip
  incoming called-number 91552.......
  srtp system