I have a customer requirement to configure authentication and signaling encryption between CCM7.1, gateway and unity connection 7.1
The cluster looks like this.
1. 1 pub and 2 subscriber
2. 2 unity connection server in a cluster
3. voice gateway for remote site.
I need to encrypt signalling and authenication between
1. CCM and MGCP gateway
2. CCM and CCM
3. CCM and unityConnection.
CCM and mgcp gateway
1. Do I need to configure IPSEC policy on each CCM server that the MGCP gateway will be talking to. I assume this will be the case?
2. The configuration parameters on CCM needs clarification.
2a. Authentication Method: Certificate or pre-shared key?
if its preshared key, then what value do I enter for the pre-shared key (or can I leave it blank)?
2b. peer type: same or different? ( I observed than when you slect pre-share as authentication method, this is greyed out)
2c. Destination address: ( should this be IP address of mgcp gateway interface)
2d. Detination port: ANY ( I belive IPSEC does not do protocol specific)
2e Source address: IP address of CCM
2f remote port: ( what should this be?) is it mgcp gateway udp port 2428?
2g encryption algortithn: des or 3des ( can it be anything as long as it matches the crypto isakmp config on gateway?)
2h: hash algorithm : ha1 or md5?
2i:esp algorithm: ? null encryption or des or 3des?
2j: Phase 1 DH: 1, 2 0r 5?
2k: phase 1 lifetime 3600?
3. Do I need to configure cryto isakmp on the IOS MGCP gateway to talk to CCM? I believe this is correct.
2. CCM and CCM
Do I need to configure an IPsec policy between each CCM server in the cluster. ie
pub to sub 1
pub to sub 2
sub1 to pub
sub2 to pub
sub1 to sub 2
sub2 to sub1
3. Finally CCM and Unity connection
Do I nee dto configure ipsec policy between each CCM server that unioty connection will be registering with. i.e
Sub1 to Unity connection 1 (and vice versa)
sub1 to unity connection 2 (and vice versa)
sub 2 to UC 1 (and vice versa)
sub2 to UC2 (and vice versa)
Your thoughts will be much appreciated. I am really lost on this one! Never felt so lost in such a long long time!