Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA phone proxy mode and gateway: sig and media encryption available?

Hi dear community,

I would like to know if the ASA have the ability to end SRTP and IPSEC (for securing signalisation) of a MGCP controlled gateway:

CUCM ------- [ASA] ------- Gateway -------(PSTN)-------phones

                         |

                         |

                    IPPhones

My Asa is configured as a phone proxy, and my ipphones are TLS and SRTP enabled... I was asking myself to secure my MGCP gateway by an ipsec tunnels (for the sig only), but i don't know how manage with the RTP coming from my Gateway?

CUCM ---|Sig.TLS|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                        |

                                |Sig via TLS|

                                |RTP via SRTP|

                                        |

                                  IPPhones

Also, could you confirmed that the ASA can ended the ipsec tunnel, and that the MGCP sig would be also encrypted in the TLS session of the CUCM?

CUCM ---|Sig.TLS (for SCCP and MGCP!!)|---- [ASA] ---|SIG via IPSEC, RTP via ????|---- Gateway -------(PSTN)-------phones

                                                                                |

                                                                        |Sig via TLS|

                                                                        |RTP via SRTP|

                                                                                |

                                                                          IPPhones

Thx to you,

GreeG

2 REPLIES
Cisco Employee

Re: ASA phone proxy mode and gateway: sig and media encryption a

Hi Gregory

Phone proxy feature on the ASA only supports now for the SCCP Ip phone and RTP from IP phone. It will not work for any other protocol at this time.

More information on the Phone proxy what is supported

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/unified_comm_phoneproxy.html#wp1241387

HTH

Sri Gudavalli

New Member

Re: ASA phone proxy mode and gateway: sig and media encryption a

Thanks for your prompt answering.

ok, so my only way to secure is to open on my ASA:

  • IPSec (ports 500, 51 and 50) between GW and CUCM
  • SRTP (ports 16000 to 32000) between GW and IPPhone

Right?

Cheers,

greg

168
Views
4
Helpful
2
Replies
CreatePlease to create content