diff --git a/src/include/switch_types.h b/src/include/switch_types.h
index 20935c1f26..373751af23 100644
--- a/src/include/switch_types.h
+++ b/src/include/switch_types.h
@@ -101,12 +101,14 @@ SWITCH_DECLARE_DATA extern switch_directories SWITCH_GLOBAL_dirs;
 SWITCH_RTP_FLAG_NOBLOCK - Do not block
 SWITCH_RTP_FLAG_IO - IO is ready
 SWITCH_RTP_FLAG_USE_TIMER - Timeout Reads and replace with a CNG Frame
+ SWITCH_RTP_FLAG_SECURE - Secure RTP
 */
 typedef enum {
 SWITCH_RTP_FLAG_NOBLOCK = ( 1 << 0),
 SWITCH_RTP_FLAG_IO = (1 << 1),
- SWITCH_RTP_FLAG_USE_TIMER = (1 << 2)
+ SWITCH_RTP_FLAG_USE_TIMER = (1 << 2),
+ SWITCH_RTP_FLAG_SECURE = (1 << 3)
 } switch_rtp_flag_t;
 /*!
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index d2973bd102..2801a41168 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -276,6 +276,7 @@ SWITCH_DECLARE(switch_status) switch_rtp_create(switch_rtp **new_rtp_session,
 if (crypto_key) {
 int len;
+ switch_set_flag(rtp_session, SWITCH_RTP_FLAG_SECURE);
 crypto_policy_set_rtp_default(&policy.rtp);
 crypto_policy_set_rtcp_default(&policy.rtcp);
 policy.ssrc.type = ssrc_specific;
@@ -463,6 +464,11 @@ static int rtp_common_read(switch_rtp *rtp_session, void *data, int *payload_typ
 for(;;) {
 bytes = sizeof(rtp_msg_t);
 status = switch_socket_recvfrom(rtp_session->from_addr, rtp_session->sock, 0, (void *)&rtp_session->recv_msg, &bytes);
+ if (switch_test_flag(rtp_session, SWITCH_RTP_FLAG_SECURE)) {
+ int sbytes = (int)bytes;
+ srtp_unprotect(rtp_session->recv_ctx, &rtp_session->send_msg, &sbytes);
+ bytes = sbytes;
+ }
 if (switch_test_flag(rtp_session, SWITCH_RTP_FLAG_USE_TIMER)) {
 if (!switch_test_flag(rtp_session, SWITCH_RTP_FLAG_IO)) {
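Review bot: In switch_rtp_create, `switch_set_flag(rtp_session, SWITCH_RTP_FLAG_SECURE);` is the first statement executed inside `if (crypto_key)`, before any of the policy and key setup that follows it. The rest of that block is outside the hunk, so this is an assumption to confirm: if a later step there fails, the session stays flagged secure while `send_ctx`/`recv_ctx` may never have been created, and the new read and write paths call `srtp_unprotect`/`srtp_protect` on those contexts whenever the flag is set. Setting the flag only after both SRTP contexts have been created successfully would keep the flag and the contexts in step.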
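Review bot: In rtp_common_read, the added block passes `&rtp_session->send_msg` to `srtp_unprotect`, but `switch_socket_recvfrom` has just written the packet into `rtp_session->recv_msg`, so the incoming packet is never authenticated or decrypted and the outgoing buffer is modified instead. The return value of `srtp_unprotect` is also discarded, so a packet that fails authentication or the replay check would still be handed on as valid media, and the call runs before `status` or `bytes` is examined, so it can operate on a stale buffer when nothing was received. The fence shows the block working on `recv_msg`, guarded by the receive result, and dropping the packet on failure. The loop body continues outside the hunk, so whether `continue` or an error return is the right failure path needs confirming there.

```c
status = switch_socket_recvfrom(rtp_session->from_addr, rtp_session->sock, 0, (void *)&rtp_session->recv_msg, &bytes);
if (switch_test_flag(rtp_session, SWITCH_RTP_FLAG_SECURE) && status == SWITCH_STATUS_SUCCESS && bytes > 0) {
	int sbytes = (int)bytes;
	err_status_t stat = srtp_unprotect(rtp_session->recv_ctx, &rtp_session->recv_msg, &sbytes);
	if (stat != err_status_ok) {
		/* authentication, replay or parse failure: never pass this packet on */
		continue;
	}
	bytes = sbytes;
}
/* … unchanged: SWITCH_RTP_FLAG_USE_TIMER handling … */
```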
@@ -562,6 +568,12 @@ static int rtp_common_write(switch_rtp *rtp_session, void *data, uint32_t datale
 }
 bytes = datalen + rtp_header_len;
+ if (switch_test_flag(rtp_session, SWITCH_RTP_FLAG_SECURE)) {
+ int sbytes = (int)bytes;
+ srtp_protect(rtp_session->send_ctx, &rtp_session->send_msg, &sbytes);
+ bytes = sbytes;
+ }
+
 switch_socket_sendto(rtp_session->sock, rtp_session->remote_addr, 0, (void*)&rtp_session->send_msg, &bytes);
 if (rtp_session->ice_user) {
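Review bot: In rtp_common_write, the result of `srtp_protect` is ignored, so if protection fails the `switch_socket_sendto` call that follows still transmits `send_msg`, and a session flagged SWITCH_RTP_FLAG_SECURE can put unprotected media on the wire. Check the result and skip the send on failure, e.g. `if (srtp_protect(rtp_session->send_ctx, &rtp_session->send_msg, &sbytes) != err_status_ok) return -1;`. The function's other return paths are outside the hunk, so match whatever error value they use. `srtp_protect` also grows the packet in place by the authentication tag, so `send_msg` needs spare room beyond `datalen + rtp_header_len`. The definition of `rtp_msg_t` is not in this hunk and should be checked for that headroom.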