Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

CUCM 7.1(3): call interrupt with call forward over secure H.323 gateway (SRTP)

I have to encrypt the voice stream in our voice domain which includes the connections between the H.323 gateway (to/from PSTN) and the phones and configured it on a per dial-peer base.

To secure both directions - incoming and outgoing calls - I have to enable SRTP (fallback) at the outgoing voip dial-peer to CUCM for incoming calls from PSTN and at the incoming dial-peer from CUCM for outgoing calls to PSTN.

Works fine! But......

......if a directory number in CUCM is forwarded to an external number, the call interrupts.

I dicovered how the call flow looks for this scenario after the connection is established regarding dial-peers and RTP connections (using the commands show voice call status and show voip rtp connections)

PSTN  -->  incoming pots dial-peer  -->  outgoing voip dial-peer  --> incoming voip dial-peer  -->  outgoing pots dial-peer  -->  PSTN

With the show voip rtp connections command you can see two connections with source and destination IP of the gateway. It is like a gateway-to-gateway connection between two independet gateways even though it is the same device.

I tested different variations for SRTP at the voip dial-peers:

non-secure outgoing dial-peer  -->  non-secure incoming dial-peer :    OK

      secure outgoing dial-peer  -->  non-secure incoming dial-peer :    OK

non-secure outgoing dial-peer  -->        secure incoming dial-peer :    OK

      secure outgoing dial-peer  -->        secure incoming dial-peer :    fail

Unfortunately in normal configuration the incoming dial-peer is the same to use for outgoing external calls from the phones. And as described above I have to secure it.

So forwarded calls to an external number nerver will be established.

Is there any other configuration or feature for the gateway and/or CUCM to make this scenario possible?

CreatePlease to create content