SRTP CUCM 7.X

tommyphelan
Level 1

Hi,

I have a lab setup with Cisco UCM 7.0.2 and I have two phones registered to the CUCM, one SIP and one SCCP phone.

I have another 3rd party PBX with phones ringing these two phones. I want to enable SRTP and my main question is as follows:

To activate SRTP for the Cisco phones, do I need to set my CUCM to mixed mode?

Both Cisco phones have MIC certs installed on them, and looking at the settings on the phones it looks like the phones are in non-secure mode. I used the CTL client to see could I change the CUCM to mixed mode, but I get a response saying I need a security token.

/Tom

7 Replies

Jaime Valencia
Cisco Employee

You need 2 security tokens for that, if you don't have them it's impossible to enable encryption.

Configuring the Cisco CTL Client

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_1_2/secugd/secuauth.html

Before you configure the Cisco CTL Client, verify that you activated the Cisco CTL Provider service and the Cisco Certificate Authority Proxy Function service in Cisco Unified Serviceability. Obtain at least two security tokens; the Cisco certificate authority issues these security tokens. The security tokens must come from Cisco. You will insert the tokens one at a time into the USB port on the server/workstation. If you do not have a USB port on the server, you may use a USB PCI card.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk


Thanks for the speedy response, Java.

I have one more question to clarify more for me.

I understand now that I need two security tokens to enable mixed mode for the CUCM.

Is it necessary to put LSC certs onto the phone also for SRTP, or should the MIC certs suffice?

Is it possible to use security tokens in a VMware environment installation? This refers to CUCM 9.0.

I think you can use the same CTL for VMware, considering the USB will be connected to the admin PC with the CTL client software, not the server itself.

The CTL client will insert the certs into the CUCM cluster.

Sent from Cisco Technical Support iPhone App

I mean, is it possible to change CUCM on VMware to mixed mode?

Yes, just follow the instructions from the CUCM security guide.

Whether it's on an MCS or a UCS makes no difference.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk


jeffrdix
Level 1

It is strongly recommended that you use LSCs as opposed to MICs.

Tip

Cisco recommends that you use manufacturer-installed certificates (MICs) for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with Cisco Unified Communications Manager. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.