cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
992
Views
13
Helpful
17
Replies

Encrypting Voice packets in CCM

Abhijit.Das
Level 1
Level 1

We are running CCM 4.1(3). Someone from Network Team found out that it's possible to capture Voice packets using sniffer tools like Observer, Ethereal etc & they were able to recreate the Voice packets & snoop in on the conversation. Is it possible to encrypt the RTP streams?

2 Accepted Solutions

Accepted Solutions

Hi Abhijit,

Glad to hear things are going better for you! Here is the similar doc for H.323;

Media and Signaling Authentication and Encryption Feature for Cisco IOS H.323 Gateways

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htsecure.html

We did get the ES from Cisco so we are trying the upgrade again this Saturday :)

Hope this helps!

Rob

View solution in original post

Haha looks like rob beat me to the punch! Yes as Rob posted above it is possible for H323 configurations. Like I said I did not roll out it to mass production so I really cant speak for the load that the Pub may be under. Seeing that you are in a 1 ccm environment, and everything else that that box is doing (moh,conferencing,ect...) that may be something to watch for.

View solution in original post

17 Replies 17

mattcalderon
Level 4
Level 4

There is an option called SRTP. I have only set it up in a lab environment and not in actual production. Here is a good link to get you started.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtsecure.html#wp1093819

Don`t you just love "non" IPT people reading things and then suggesting it. You need to make sure you do not voice recording in case it causes problems

Well nobody likes the idea that their conversation can be listened to.

Of course encryption costs money (CM upgrade, phones upgrade, time spent) so when faced with the cost estimate many people find that isn't much of an issue anymore, just like in all and any legacy PBX of the world.

Paolo,

Thanks for the new insight provided by you.

You have mentioned the cost factor ( which scares away almost all organizations!!!)

We are already running CCM 4.1(3) which supports encryption. All phones are running the latest loads.

Is there anything else invlolved apart from the time & effort invested?

Thanks,

Abhijit.

Which phones are you using ? Not all supports encryption.

Paolo,

We use mostly 7940's & 7911's. Think that it should support encryption. Just curious, do we need to pay for Cisco USB e-tokens?

Regards,

Abhijit.

Wayne,

We don't do any voice recording here. Thanks for the response.

Have a nice day.

Abhijit.

I was only being honest. The exact reason as Paulo stated is that it cost the time and money which is why we did not roll it out to production. After stating the pros and cons of this implementation to your bosses, it just was not important that your conversations could be listened to anymore.

Matt,

Thanks a lot for the wonderful info. Really helps a lot.

Just a few queries here :

the doc is for MGCP gateways. Will such a similar thing work for H.323 gateways?

Will enabling such a feature place extra load on the Publisher resources? ( we have everything on the pub, it's a single-server show, hence this question is very important to us.)

Have a nice day.

Thanks,

Abhijit.

Hi Abhijit,

Glad to hear things are going better for you! Here is the similar doc for H.323;

Media and Signaling Authentication and Encryption Feature for Cisco IOS H.323 Gateways

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htsecure.html

We did get the ES from Cisco so we are trying the upgrade again this Saturday :)

Hope this helps!

Rob

Haha looks like rob beat me to the punch! Yes as Rob posted above it is possible for H323 configurations. Like I said I did not roll out it to mass production so I really cant speak for the load that the Pub may be under. Seeing that you are in a 1 ccm environment, and everything else that that box is doing (moh,conferencing,ect...) that may be something to watch for.

Matt,

Thanks a lot for the wonderful insight provided by you. I spoke with the higher-ups & I don't think they are very enthusiastic about it now.

Have a nice day.

Thanks & Regards,

Abhijit.

Rob,

Thanks a ton for the doc. Wish you all the best for Saturday. I am certain that you will come up trumps this time.

Take care,

Abhijit.

I was under the impression that you had to buy the cisco etokens if you wanted to configure SRTP?? Is there any way around not using them if they are required for call manager 6.0 ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: