According to the Voice Ignite documentation the 'PC2PCAVEncryption' client-side group policy setting can override the server-side A/V Conferencing encryption settings. Pre-2007 clients only support TLS but OCS (including R2) clients will use Secure Realtime Protocol (SRTP) for communications. Also keep in mind that an ExchangeUM dialpan will need to be set to SIPSecured as well if SRTP is used.
Here are some more details on the PC2PCAVEncryption group policy setting for the OC client:
http://blogs.technet.com/ucspotting/archive/2008/12/24/connecting-communicator-r2-to-exchange-um.aspx
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS