Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
4
Helpful
2
Replies

ASA phone proxy mode and gateway: sig and media encryption available?

gesnaudniji
Level 1
Level 1

‎08-10-2010 07:21 AM - edited ‎03-16-2019 12:09 AM

Hi dear community,

I would like to know if the ASA have the ability to end SRTP and IPSEC (for securing signalisation) of a MGCP controlled gateway:

CUCM ------- [ASA] ------- Gateway -------(PSTN)-------phones

                         |

                         |

                    IPPhones

My Asa is configured as a phone proxy, and my ipphones are TLS and SRTP enabled... I was asking myself to secure my MGCP gateway by an ipsec tunnels (for the sig only), but i don't know how manage with the RTP coming from my Gateway?

CUCM ---|Sig.TLS|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                        |

                                |Sig via TLS|

                                |RTP via SRTP|

                                        |

                                  IPPhones

Also, could you confirmed that the ASA can ended the ipsec tunnel, and that the MGCP sig would be also encrypted in the TLS session of the CUCM?

CUCM ---|Sig.TLS (for SCCP and MGCP!!)|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                                                                |

                                                                        |Sig via TLS|

                                                                        |RTP via SRTP|

                                                                                |

                                                                          IPPhones

Thx to you,

GreeG

Labels:
0 Helpful
2 Replies 2

srgudava
Cisco Employee
Cisco Employee

‎08-10-2010 07:26 AM

Hi Gregory

Phone proxy feature on the ASA only supports now for the SCCP Ip phone and RTP from IP phone. It will not work for any other protocol at this time.

More information on the Phone proxy what is supported

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/unified_comm_phoneproxy.html#wp1241387

HTH

Sri Gudavalli

gesnaudniji
Level 1
Level 1
In response to srgudava

‎08-10-2010 07:39 AM

Thanks for your prompt answering.

ok, so my only way to secure is to open on my ASA:

  • IPSec (ports 500, 51 and 50) between GW and CUCM
  • SRTP (ports 16000 to 32000) between GW and IPPhone

Right?

Cheers,

greg

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents