ASA phone proxy mode and gateway: sig and media encryption available?

Unanswered Question
Aug 10th, 2010
User Badges:

Hi dear community,


I would like to know if the ASA have the ability to end SRTP and IPSEC (for securing signalisation) of a MGCP controlled gateway:


CUCM ------- [ASA] ------- Gateway -------(PSTN)-------phones

                         |

                         |

                    IPPhones


My Asa is configured as a phone proxy, and my ipphones are TLS and SRTP enabled... I was asking myself to secure my MGCP gateway by an ipsec tunnels (for the sig only), but i don't know how manage with the RTP coming from my Gateway?


CUCM ---|Sig.TLS|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                        |

                                |Sig via TLS|

                                |RTP via SRTP|

                                        |

                                  IPPhones


Also, could you confirmed that the ASA can ended the ipsec tunnel, and that the MGCP sig would be also encrypted in the TLS session of the CUCM?


CUCM ---|Sig.TLS (for SCCP and MGCP!!)|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                                                                |

                                                                        |Sig via TLS|

                                                                        |RTP via SRTP|

                                                                                |

                                                                          IPPhones



Thx to you,

GreeG

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
gesnaudniji Tue, 08/10/2010 - 07:39
User Badges:

Thanks for your prompt answering.


ok, so my only way to secure is to open on my ASA:

  • IPSec (ports 500, 51 and 50) between GW and CUCM
  • SRTP (ports 16000 to 32000) between GW and IPPhone


Right?


Cheers,

greg

Actions

This Discussion