PhoneProxy Enable SCCP Security

Unanswered Question
Jul 28th, 2007
User Badges:

I'm trying to enable secure SCCP through our PhoneProxy. from the cli on the proxy i've entered 'set phoneproxy sccp security on' then following the directions in the Admin guide. I've gone to the ProxyAdmin tool and choose the "update cluster information" option. The application downloads the files and i can see them in the temp folder. I'm then prompted to "please plug in the eToken then click OK to sign control file." There is no indication in the instructions where to "plug in the eToken". If anyone has had any luck please hellp :)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jason Aarons Sun, 07/29/2007 - 16:23
User Badges:
  • Bronze, 100 points or more

An eToken is the USB key used (two should have been used for safekeeping) when you configured CallManager/CTL for secure SCCP.

If you didn't setup the phones/callmanager for CTL/Secure SCCP then PhoneProxy pass SRTP.

aknight Sun, 07/29/2007 - 18:43
User Badges:

Jason - Thanks for the response..

According to the doc's, using the CLI you turn on the Secure SCCP, then goto the Admin tool and update proxy. This downloads the keys that were created during the enable process (i can see the keys in the temp workspace). There's no mention of the keys needing to be copied anywhere. This would not be so confusing if there was a dialog box to point to the location of the keys that the admin tool downloaded..

From your response, perhaps i need to be physically at the box to capture the keys to a USB stick(s)? I still don't see how these would get into the Admin tool though.. Any additional comments are much appreciated..

dbethke Mon, 08/06/2007 - 13:23
User Badges:

I admit, we need a few more sentences in the admin guide to explain where you should stick those keys. This will be addressed in the next revision of the document, but until then...

The keys (USB eTokens) should be inserted into a USB port on the administrator's PC, which is running the Managment Console (not into the actual PhoneProxy hardware). After the first key is inserted and read, the Management Console software will prompt for the next key. After that the software will sign the files with the info from the keys and then you're ready to publish that info back to the PhoneProxy.


This Discussion