New Member

Encrypting Voice packets in CCM

We are running CCM 4.1(3). Someone from Network Team found out that it's possible to capture Voice packets using sniffer tools like Observer, Ethereal etc & they were able to recreate the Voice packets & snoop in on the conversation. Is it possible to encrypt the RTP streams?

17 REPLIES

Re: Encrypting Voice packets in CCM

There is an option called SRTP. I have only set it up in a lab environment and not in actual production. Here is a good link to get you started.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtsecure.html#wp1093819

Silver

Re: Encrypting Voice packets in CCM

Don't you just love "non" IPT people reading things and then suggesting it. You need to make sure you do not do voice recording, in case it causes problems.

Hall of Fame Super Gold

Re: Encrypting Voice packets in CCM

Well nobody likes the idea that their conversation can be listened to.

Of course encryption costs money (CM upgrade, phones upgrade, time spent) so when faced with the cost estimate many people find that isn't much of an issue anymore, just like in all and any legacy PBX of the world.

New Member

Re: Encrypting Voice packets in CCM

Paolo,

Thanks for the new insight provided by you.

You have mentioned the cost factor ( which scares away almost all organizations!!!)

We are already running CCM 4.1(3) which supports encryption. All phones are running the latest loads.

Is there anything else involved apart from the time & effort invested?

Thanks,

Abhijit.

Hall of Fame Super Gold

Re: Encrypting Voice packets in CCM

Which phones are you using? Not all support encryption.

New Member

Re: Encrypting Voice packets in CCM

Paolo,

We use mostly 7940's & 7911's. Think that it should support encryption. Just curious, do we need to pay for Cisco USB e-tokens?

Regards,

Abhijit.

New Member

Re: Encrypting Voice packets in CCM

Wayne,

We don't do any voice recording here. Thanks for the response.

Have a nice day.

Abhijit.

Re: Encrypting Voice packets in CCM

I was only being honest. The exact reason, as Paolo stated, is that it cost the time and money, which is why we did not roll it out to production. After stating the pros and cons of this implementation to your bosses, it just was not important that your conversations could be listened to anymore.

New Member

Re: Encrypting Voice packets in CCM

Matt,

Thanks a lot for the wonderful info. Really helps a lot.

Just a few queries here :

The doc is for MGCP gateways. Will a similar thing work for H.323 gateways?

Will enabling such a feature place extra load on the Publisher resources? ( we have everything on the pub, it's a single-server show, hence this question is very important to us.)

Have a nice day.

Thanks,

Abhijit.

Hall of Fame Super Red

Re: Encrypting Voice packets in CCM

Hi Abhijit,

Glad to hear things are going better for you! Here is the similar doc for H.323;

Media and Signaling Authentication and Encryption Feature for Cisco IOS H.323 Gateways

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htsecure.html

We did get the ES from Cisco so we are trying the upgrade again this Saturday :)

Hope this helps!

Rob

Re: Encrypting Voice packets in CCM

Haha, looks like Rob beat me to the punch! Yes, as Rob posted above, it is possible for H.323 configurations. Like I said, I did not roll it out to mass production, so I really can't speak for the load that the Pub may be under. Seeing that you are in a 1 CCM environment, and everything else that that box is doing (MOH, conferencing, etc.), that may be something to watch for.

New Member

Re: Encrypting Voice packets in CCM

Matt,

Thanks a lot for the wonderful insight provided by you. I spoke with the higher-ups & I don't think they are very enthusiastic about it now.

Have a nice day.

Thanks & Regards,

Abhijit.

New Member

Re: Encrypting Voice packets in CCM

Rob,

Thanks a ton for the doc. Wish you all the best for Saturday. I am certain that you will come up trumps this time.

Take care,

Abhijit.

Bronze

Re: Encrypting Voice packets in CCM

I was under the impression that you had to buy the Cisco etokens if you wanted to configure SRTP? Is there any way around not using them if they are required for Call Manager 6.0?

New Member

Re: Encrypting Voice packets in CCM

Hi all. I would like to try CTL in CCM. Is it OK if I use Aladdin eTokens PRO32k and not purchase the eToken from Cisco?

I read from another post that a user has a problem that the eToken is not recognised. http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&topicID=.ee6c829&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cbef52d

Super Bronze

Re: Encrypting Voice packets in CCM

Hi All

A few comments; I've recently deployed this for one of my customers and found a few things:

1) You need at least two security tokens from Cisco (not sure if other ones will work or not, I've not tried).

2) Most phones support SRTP, with some exceptions.

3) If you want to run SRTP to a gateway, that gateway will require Advanced IP Services, or Advanced Enterprise services. This IOS is also required for secure SRST, secure conference, secure transcoding etc.

4) Conferencing and MTP based in software on CallManager do NOT support SRTP. You need hardware conference or transcode resources for this.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: Encrypting Voice packets in CCM

Hi, does anyone know whether the Aladdin eToken Pro32k can be used for CTL?

Thanks in advance
