How to enable Lync Media Bypass over TCP (rather than TLS)
I’ve had this question a couple of times so thought it might make a good post.
Media-Bypass allows a Lync client and gateway to transmit media (RTP) directly between each other, you are “bypassing” the Mediation Server (in OCS media had to go via a mediation server). Signalling will still go via the Mediation Server. Note: Using TCP will mean your media traffic is running over the network in the clear.
Lync certified gateways should support Media Bypass. The default way to install these is with a TLS connection, but if for whatever reason you want to use TCP, Media Bypass is still supported. I have set this up with Sonus (NET) UX gateways and Cisco ISR’s, it should apply equally to other gateways.
There are three settings on Lync you need to get lined up.
Ensure your trunk to your gateway is setup to Encryption Not Supported and Enable Media Bypass is ticked
Ensure your CAC settings allow the gateway and users to do Media Bypass or you have always Bypass on
The above settings (apart from encryption) are the same on TLS, this is the unique setting:
set-csmediaconfiguration –identity global –encryptionlevel supportencryption
This allows the clients to make a non-encrypted connection directly to the gateway
The Sonus UX gateways have a nice feature on the Web GUI of showing you when calls are in Bypass with a “B” on the call watcher
You can also find out after a call via the monitoring server reports:
User Activity Report –> <user you want to look for> –> Details –> Media Quality Report –> Call Information –> Mediation Server bypass call (true/false). (source)