Encryption on Call Manager 4.2

tim.weid
Level 1

We are looking at rolling out encryption on our CM 4.2 cluster. Does anyone have any experience doing this, and if so, are there any reasons we should not?

4 Replies

tim.weid
Level 1

any one... any one....

bueller...

Tim,

I have done this only in a lab environment with 4.1. Encryption was brought into the CM world for the military. My advice to you is that unless there is a strict requirement for encryption, don't enable the feature.

It works pretty well if you make sure your time is sync'ed properly while generating certificates and all that. Also make sure that you get two USB tokens and safely store them as the first one is your master key.

Downsides include auto registration being turned off system wide. Also, conference calls today don't support encryption. For signalling traffic to be encrypted (especially for MGCP) you have to set up IPsec tunnels from the IPSEC management console. (CM 5.1 is a lot better from an administrative standpoint for setting up IPsec.)

Deploying remote sites with encryption with SRST can be a pain. There is currently no way other than manual cut and paste of certificate information into the router. I was successfully able to lab it in a few hours' time, but I really do hate the procedure involved in setting up Secure SRST.

When deploying remote sites you should also consider the extra bandwidth required for secure calls.

HTH

Sankar

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thank you for the info. We are local LAN only and are doing this to be HIPAA and SOX compliant. So to understand, I will not be able to do this on my 7935 conference phones because they do not support encryption on 4.2?

I meant to say that when three phones are in a conference, even if the phones are capable of encryption on a peer-to-peer call, the conference will be non-encrypted. This is a limitation of the conference bridge. Also, here are some of the specifics of which calls are encrypted and which are not.

a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.

b. When an encrypted phone calls a non-encrypted phone, the call is not encrypted.

c. Non-encrypted phones continue calls without encryption.

d. When three encrypted phones are in a conference, the call is not encrypted (limitation of the conference bridge).

e. When an encrypted phone calls an MGCP or H323 gateway (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.

f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating the call is encrypted.

Sankar

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus