Security token

Unanswered Question
Sep 9th, 2008

Hi, we are trying to run encryption between phones and during instalation of CTL client we were asked for security token. We dont have it and we arent sure if we are supposed to have it. Is USB security token in standard package of CCM server and software? Thanks a lot.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jaime Valencia Tue, 09/09/2008 - 07:07

yes, you're supposed to have it

no, it's a separate item which needs to be purchased.

you need 2 of them to enable security



if this helps, please rate

kurtdeneef Tue, 09/09/2008 - 08:33


I have 2 of them...where can i find a good procedure on how to install/implement security on the phones?

If i can show it to the customer,we are talking about a deal of 15000 phones here...

So any feedback would be greatly appreciated.


Aaron Harrison Wed, 09/10/2008 - 04:15

Hi All

A few comments; I've recently deployed this for one of my customers and found a few things:

1) You need at least two security tokens from Cisco (not sure if other ones will work or not, I've not tried).

2) Most phones support SRTP, with some exceptions. Check the data sheets for whatever models you use... once the cluster is in mixed security mode, it's largely just a matter of creating phone security profiles, ensuring phones have valid certificates (which can be done via BAT) and assigning the security profiles.

Detail of this stuff is in the Security Administration Guide for your version e.g:

3) If you want to run SRTP to a gateway, that gateway will require Advanced IP Services, or Advanced Enterprise services. This IOS is also required for secure SRST, secure conference, secure transcoding etc.

4) Confernecing, MTP based in software on callmanager do NOT support SRTP. You need hardware conference or transcoder resources for this.

Some docs:

Conferencing & XCODEing SRTP

Gateways and SRTP

Secure SRST (the most tricky)




This Discussion