Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1837
Views
0
Helpful
3
Replies

CUCM security with IPSec

Benjamin Krueger
Level 1
Level 1

‎08-27-2012 02:46 AM - edited ‎03-16-2019 12:53 PM

Hallo!

I have two questions about security with Cisco Unified Communications Manager 8.6 and IPSec.

1. We want to use IPSec connections between gateways and CUCM server directly. We don't have a separate network device which would terminate the IPSec sessions in the data center, because we don't trust the data center, too.

Has the CUCM any restrictions how many IPSec connections he can handle?

In the SRND 8.x  I found only "using IPSec on Unified CM servers can incur a significant impact on server performance", but what dose that mean?

We have roundabout 30 gateways/locations which we want to connect via IPSec.

2. Question: Can I use the loopback address of a gateway to establish an IPSec connection?

I found only configuration examples with physical ports.

I hope you can help me.

kind regards

Benjamin

Labels:
0 Helpful
3 Replies 3

toormehdi
Level 1
Level 1

‎09-22-2012 09:18 PM

Hi Benjamin,

I am actually looking for the answer to same question you posted above. Were you able to get answer to your first question from Cisco TAC or account team? Please let me know.

Also were you considering on doing the IPSec between the CUCM nodes as well?

Thanks,

Toor

0 Helpful

Geevarghese Cheria
Cisco Employee
Cisco Employee
In response to toormehdi

‎09-26-2012 08:24 AM

Hi Toor,

   Adding the notes from SR 622930887

There is no definite number since it would depend on the load that you are running on the systems. But having as many as 30 tunnels is sure to affect the performance. While testing in the lab with 10 tunnels configured on a server did not significantly affected the performance. But again if you are running heavy load on the servers it is more likely to suffer a performance degradation than a server running lesser amount of load. So at this point the only thing is to get the ipsec tunnels configured on a node  that is reasonably inactive in the cluster. 

Thanks and Regards,
Geevarghese

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
                
                    
        

	
	

		
	

	


		
	
		

			

	 
	 
	
	

	

	

	
		

			

			
	

	

		


	

	
		

			
			

	

		

			

	
		
			

		


	

	
			

	
	
	 
	
	
	
				
		

			
				
					
					
				
			
		

	
			
	
	
	
	
	


		

	

	

	

	

	

	

	
			
					
				
		

	


	

		
	
	


		

	

		

			

	
		

			
		
			
			
		
		
	
		

	
	


		

	

		

			

	
		

			
		
			

	
			
					toormehdi
					
				
		


		
	
		

	
	

	
		

			
		
				
		
	

	

	
			
				
		
		
			
		
		
		Level 1
		
		
		
		
		
	
			
		

		
			
					
		

			Level 1
		

	
				
		
			
					

	
		In response to Geevarghese Cheria
	
	


				
		
	
		

	
	


		

			

	
		
			
		
			
					
		

			
    

	
		
		
		‎10-02-2012
	
		
		09:35 PM
	
	

	
	
	
	
	
	
	
	
	
	
	
	

		

	
				
		
	
	


		

	

		

			

	
		
			
					
		

	
		

			
				
					
					
						
 Thanks Geevarghese. 
Is there a document you could share which outline step by step process for creating IPSec tunnels to CUCM using PKI certs?
Thanks
Toor

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
        
    

    
        


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


    
    
        
        
            
        
        
	
    

	

	

	

	

	



				
			
		
		
	
	


		

			

	
		

			
		
			
 
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


 

		
	
		

	
	

	
		
				

        

	


		
			
 
 

		
			
		
			

		
			



  

    

      

        

          
Customers Also Viewed These Support Documents