3Com® VCX V7111 VoIP Gateway User Guide 321CHAPTER 12: SECURITYThis section describes the security mechanisms and protocols implemented on the V7111gateway. The following list specifies the available security protocols and their objectives: IPSec and IKE protocols are part of the IETF standards for establishing a secured IPconnection between two applications. IPSec and IKE are used in conjunction to providesecurity for control and management protocols but not for media (see IPSec and IKE). SSL ( Secure Socket Layer) / TLS (Transport Layer Security) – The SSL / TLS protocolsare used to provide privacy and data integrity between two communicating applicationsover TCP/IP. They are used to secure the following applications: SIP Signaling (SIPS),Web access (HTTPS) and Telnet access (see SSL/TLS). Secured RTP (SRTP) according to RFC 3711, used to encrypt RTP and RTCP transport(see SRTP). RADIUS (Remote Authentication Dial-In User Service) - RADIUS server is used to enablemultiple-user management on a centralized platform (see RADIUS Login Authentication). Internal Firewall allows filtering unwanted inbound traffic (see Internal Firewall).IPSec and IKEIPSecurity (IPSec) and Internet Key Exchange (IKE) protocols are part of the IETF standardsfor establishing a secured IP connection between two applications (also referred to aspeers). Providing security services at the IP layer, IPSec and IKE are transparent to IPapplications.IPSec and IKE are used in conjunction to provide security for control and management (forexample, SNMP and Web) protocols but not for media (that is, RTP, RTCP and T.38).IPSec is responsible for securing the IP traffic. This is accomplished by using theEncapsulation Security Payload (ESP) protocol to encrypt the IP payload (see Figure 120).The IKE protocol is responsible for obtaining the IPSec encryption keys and encryptionprofile, known as IPSec Security Association (SA).Figure 120 IPSec Encryption