04-09-2008 02:48 AM - edited 03-15-2019 09:56 AM
We are running CCM 4.1(3). Someone from Network Team found out that it's possible to capture Voice packets using sniffer tools like Observer, Ethereal etc & they were able to recreate the Voice packets & snoop in on the conversation. Is it possible to encrypt the RTP streams?
Solved! Go to Solution.
04-09-2008 04:53 AM
Hi Abhijit,
Glad to hear things are going better for you! Here is the similar doc for H.323;
Media and Signaling Authentication and Encryption Feature for Cisco IOS H.323 Gateways
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htsecure.html
We did get the ES from Cisco so we are trying the upgrade again this Saturday :)
Hope this helps!
Rob
04-09-2008 05:49 AM
Haha looks like rob beat me to the punch! Yes as Rob posted above it is possible for H323 configurations. Like I said I did not roll out it to mass production so I really cant speak for the load that the Pub may be under. Seeing that you are in a 1 ccm environment, and everything else that that box is doing (moh,conferencing,ect...) that may be something to watch for.
04-09-2008 02:53 AM
There is an option called SRTP. I have only set it up in a lab environment and not in actual production. Here is a good link to get you started.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtsecure.html#wp1093819
04-09-2008 04:07 AM
Don`t you just love "non" IPT people reading things and then suggesting it. You need to make sure you do not voice recording in case it causes problems
04-09-2008 04:18 AM
Well nobody likes the idea that their conversation can be listened to.
Of course encryption costs money (CM upgrade, phones upgrade, time spent) so when faced with the cost estimate many people find that isn't much of an issue anymore, just like in all and any legacy PBX of the world.
04-09-2008 04:40 AM
Paolo,
Thanks for the new insight provided by you.
You have mentioned the cost factor ( which scares away almost all organizations!!!)
We are already running CCM 4.1(3) which supports encryption. All phones are running the latest loads.
Is there anything else invlolved apart from the time & effort invested?
Thanks,
Abhijit.
04-09-2008 06:32 AM
Which phones are you using ? Not all supports encryption.
04-10-2008 04:32 AM
Paolo,
We use mostly 7940's & 7911's. Think that it should support encryption. Just curious, do we need to pay for Cisco USB e-tokens?
Regards,
Abhijit.
04-09-2008 04:35 AM
Wayne,
We don't do any voice recording here. Thanks for the response.
Have a nice day.
Abhijit.
04-09-2008 05:44 AM
I was only being honest. The exact reason as Paulo stated is that it cost the time and money which is why we did not roll it out to production. After stating the pros and cons of this implementation to your bosses, it just was not important that your conversations could be listened to anymore.
04-09-2008 04:32 AM
Matt,
Thanks a lot for the wonderful info. Really helps a lot.
Just a few queries here :
the doc is for MGCP gateways. Will such a similar thing work for H.323 gateways?
Will enabling such a feature place extra load on the Publisher resources? ( we have everything on the pub, it's a single-server show, hence this question is very important to us.)
Have a nice day.
Thanks,
Abhijit.
04-09-2008 04:53 AM
Hi Abhijit,
Glad to hear things are going better for you! Here is the similar doc for H.323;
Media and Signaling Authentication and Encryption Feature for Cisco IOS H.323 Gateways
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htsecure.html
We did get the ES from Cisco so we are trying the upgrade again this Saturday :)
Hope this helps!
Rob
04-09-2008 05:49 AM
Haha looks like rob beat me to the punch! Yes as Rob posted above it is possible for H323 configurations. Like I said I did not roll out it to mass production so I really cant speak for the load that the Pub may be under. Seeing that you are in a 1 ccm environment, and everything else that that box is doing (moh,conferencing,ect...) that may be something to watch for.
04-09-2008 06:17 AM
Matt,
Thanks a lot for the wonderful insight provided by you. I spoke with the higher-ups & I don't think they are very enthusiastic about it now.
Have a nice day.
Thanks & Regards,
Abhijit.
04-09-2008 06:24 AM
Rob,
Thanks a ton for the doc. Wish you all the best for Saturday. I am certain that you will come up trumps this time.
Take care,
Abhijit.
04-09-2008 08:14 AM
I was under the impression that you had to buy the cisco etokens if you wanted to configure SRTP?? Is there any way around not using them if they are required for call manager 6.0 ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: