Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CUCM security with IPSec

Hallo!

I have two questions about security with Cisco Unified Communications Manager 8.6 and IPSec.

1. We want to use IPSec connections between gateways and CUCM server directly. We don't have a separate network device which would terminate the IPSec sessions in the data center, because we don't trust the data center, too.

Has the CUCM any restrictions how many IPSec connections he can handle?

In the SRND 8.x  I found only "using IPSec on Unified CM servers can incur a significant impact on server performance", but what dose that mean?

We have roundabout 30 gateways/locations which we want to connect via IPSec.

2. Question: Can I use the loopback address of a gateway to establish an IPSec connection?

I found only configuration examples with physical ports.

I hope you can help me.

kind regards

Benjamin

Everyone's tags (3)
3 REPLIES
New Member

CUCM security with IPSec

Hi Benjamin,

I am actually looking for the answer to same question you posted above. Were you able to get answer to your first question from Cisco TAC or account team? Please let me know.

Also were you considering on doing the IPSec between the CUCM nodes as well?

Thanks,

Toor

Cisco Employee

Re: CUCM security with IPSec

Hi Toor,

   Adding the notes from SR 622930887

There is no definite number since it would depend on the load that you are running on the systems. But having as many as 30 tunnels is sure to affect the performance. While testing in the lab with 10 tunnels configured on a server did not significantly affected the performance. But again if you are running heavy load on the servers it is more likely to suffer a performance degradation than a server running lesser amount of load. So at this point the only thing is to get the ipsec tunnels configured on a node  that is reasonably inactive in the cluster.

Thanks and Regards,

Geevarghese

New Member

CUCM security with IPSec

Thanks Geevarghese.

Is there a document you could share which outline step by step process for creating IPSec tunnels to CUCM using PKI certs?

Thanks

Toor

1187
Views
0
Helpful
3
Replies