18.3. Configuration

Before configuring the Signaling and Payload Encryption (SPE) feature in an OpenScape 4000 system, make sure that all prerequisites are met (see Section 3.1, “Prerequisites”). Once this has been assured, you can configure the individual functions as required.
The following is a short overview of the steps necessary for activation / deactivation of the SPE feature on an OpenScape 4000 system.
  1. Activation / deactivation of SPE for subscriber gateways
     Activation of this feature will encrypt the signaling / payload between endpoints (subscriber gateways, vHG 3500, HFA / SIP subscriber, etc.) with TLS/SRTP. This is configured with the PKI (Public Key Infrastructure) process. Activation / deactivation in the system is performed with AMO ZANDE. Make sure to use the correct secure port: TLSP (for HFA and H323) / PORTTLS1 (for SIP) parameter from AMO CGWB. The default values are 4061 / 5061. For more information, please refer to Section 3.2, “Activation / Deactivation of SPE for Gateways with AMO CGWB”.
     IMPORTANT:
     The key material for trunking and HFA is exchanged for gateways in an Access Point/OpenScape 4000 SoftGate via the HSR connection. If the HSR connection is not secure, then the key material is exposed in clear text. SPE must therefore also be activated for OpenScape 4000 SoftGate/IPDA Access Points (see Section 3.5, “Activation / Deactivation of SPE for Access Points”).
  2. Activation / deactivation of SPE for trunks
     Activation of this feature will encrypt the signaling / payload on the trunk.
     Activation / deactivation is performed by changing the security mode in AMO TDCSU, AMO GKREG. For more information, please refer to Section 3.3, “Trunk SPE Activation / Deactivation”.
  3. Activation / deactivation of SPE for subscribers
     Activation of this feature will encrypt the signaling / payload between subscribers and the gateways. Activation / deactivation is performed by changing the security mode of the subscribers with AMO SDAT / WBM. For more information, please refer to Section 3.4, “Subscriber SPE Activation / Deactivation”.
  4. Activation / deactivation of SPE for access points
     Activation will encrypt the signaling / payload between established HSR connections with PEP (Proprietary Encryption Protocol) / SRTP. This feature is configured by the SPE administration client process. Activation / deactivation in the system is performed with AMO SIPCO. For more information, see Section 3.5, “Activation / Deactivation of SPE for Access Points”.
  5. Activation / deactivation of SPE for OpenScape 4000 SoftGate
     Activation will encrypt the signaling / payload between established HSR connections with PEP (Proprietary Encryption Protocol) / SRTP. This feature is configured by the MEK administration client process. For more information, please see Section 3.6, “OpenScape 4000 SoftGate SPE Activation / Deactivation”.