| US 7,574,736 B2 | ||
| System and method for efficiently transferring media across firewalls | ||
| Rao Salapaka, Redmond, Wash. (US); Srikanth Shoroff, Sammamish, Wash. (US); and Gur Kimchi, Bellevue, Wash. (US) | ||
| Assigned to Microsoft Corporation, Redmond, Wash. (US) | ||
| Filed on Mar. 03, 2004, as Appl. No. 10/792,349. | ||
| Prior Publication US 2005/0198499 A1, Sep. 08, 2005 | ||
| Int. Cl. G06F 17/00 (2006.01) | ||
| U.S. Cl. 726—13 [726/14; 726/15] | 12 Claims |

| 1. A computer-implemented process for receiving from a plurality of sending clients media packets across a firewall sent to
a single destination address and a single destination port of a firewall, each media packet not including an unencrypted Synchronization
Source Identifier (SSRC) but including an encrypted Synchronization Source Identifier, comprising the process actions of:
establishing a plurality of security associations (SAs) for dialogs between sending clients and receiving clients, each SA
including source information of a sending client and an indication of a receiving client;
receiving from a sending client an encrypted media packet sent using Real-time Transport Protocol (RTP) message format at
a media-relay server, the encrypted media packet being sent to the destination address and the destination port;
determining whether the sending client's Security Association (SA) exists using the sender's source information received with
the media packet, the sender's source information being unencrypted and including a source address;
if no SA exists, dropping the media packet at the media-relay server; and
if a SA does exist, decrypting the media packet including decrypting a media packet Synchronization Source Identifier included
in the media packet;
obtaining obtained Synchronization Source Identifier from the SA;
comparing the media packet Synchronization Source Identifier included in the decrypted media packet with the obtained Synchronization
Source Identifier obtained from the SA;
if the media packet Synchronization Source Identifier included in the decrypted packet does not match the obtained Synchronization
Source Identifier obtained from the SA, dropping the media packet;
and
if the media packet Synchronization Source Identifier in the decrypted packet matches to the obtained Synchronization Source
Identifier obtained from the SA, forwarding the packet to a receiving client indicated in the SA based on the sender's source
information
wherein a plurality of sending clients send media packets with different encrypted Synchronization Source Identifiers to the
destination address and the destination port.
|
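The relay-side decision flow of claim 1, as an added Python sketch that is not code from the patent: SA lookup by unencrypted source, decryption, SSRC comparison, then forward or drop. The SHA-256 keystream is a placeholder for whatever cipher the SA uses, encrypting the whole RTP packet is an assumption, and all names, keys, addresses and SSRC values are constructed.

```python
import hashlib
import struct
from dataclasses import dataclass

@dataclass
class SecurityAssociation:
    key: bytes       # per-dialog key (constructed value)
    ssrc: int        # SSRC recorded when the SA was established
    receiver: tuple  # (address, port) of the receiving client

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Placeholder cipher: XOR with a SHA-256 counter keystream (not the patent's cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", off)).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def make_packet(key: bytes, ssrc: int, seq: int, payload: bytes) -> bytes:
    """Build an RTP v2 packet and encrypt all of it, so no SSRC is visible on the wire."""
    header = struct.pack(">BBHII", 0x80, 0, seq, seq * 160, ssrc)
    return keystream_xor(key, header + payload)

def relay(sa_table: dict, source: tuple, datagram: bytes):
    """Return ("forward", receiver) or ("drop:<reason>", None) for one datagram."""
    sa = sa_table.get(source)  # lookup uses only the unencrypted source information
    if sa is None:
        return "drop:no-sa", None
    rtp = keystream_xor(sa.key, datagram)
    if len(rtp) < 12:  # shorter than the fixed RTP header
        return "drop:short", None
    (ssrc,) = struct.unpack(">I", rtp[8:12])  # SSRC is bytes 8..11 of the RTP header
    if ssrc != sa.ssrc:
        return "drop:ssrc-mismatch", None
    return "forward", sa.receiver

# Constructed sample SAs: two senders share the relay's single address and port.
ALICE, BOB = ("198.51.100.7", 5004), ("203.0.113.9", 5004)
SA_TABLE = {
    ALICE: SecurityAssociation(b"key-alice", 0x11AA22BB, ("10.0.0.20", 40000)),
    BOB: SecurityAssociation(b"key-bob", 0x33CC44DD, ("10.0.0.21", 40002)),
}
```

Because the source address selects the SA and the decrypted SSRC must then agree with it, a packet that arrives from a known source but carries another dialog's SSRC is dropped rather than forwarded.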