New Member

Encryption on Call Manager 4.2

We are looking at rolling out encryption on our CM 4.2 cluster. Does anyone have any experience doing this, and if so, are there any reasons we should not?

4 REPLIES
New Member

Re: Encryption on Call Manager 4.2

anyone... anyone...

bueller...

Re: Encryption on Call Manager 4.2

Tim,

I have done this only in a lab environment with 4.1. Encryption was brought into the CM world for the military. My advice to you is that unless there is a strict requirement for encryption, don't enable the feature.

It works pretty well if you make sure your time is sync'ed properly while generating certificates and all that. Also make sure that you get two USB tokens and safely store them as the first one is your master key.

Downsides include auto registration turned off system wide. Also, conference calls today don't support encryption. For signalling traffic to be encrypted (especially for MGCP) you have to set up IPsec tunnels from the IPSEC management console. (CM 5.1 is a lot better from an administrative standpoint to set up IPsec.)

Deploying remote sites with encryption with SRST can be a pain. There is currently no way other than manual cut and paste of certificate information into the router. I was successfully able to lab it in a few hours' time, but I really do hate the procedure involved in setting up Secure SRST.

When deploying remote sites you should also consider the extra bandwidth required for secure calls.

HTH

Sankar

PS: please remember to rate posts!

New Member

Re: Encryption on Call Manager 4.2

Thank you for the info. We are local LAN only and are doing this to be HIPAA and SOX compliant. So to understand, I will not be able to do this on my 7935 conference phones because they do not support encryption on 4.2?

Re: Encryption on Call Manager 4.2

I meant to say that when three phones are in a conference, even if the phones are capable of encryption on a peer-peer call, the conference will be non-encrypted. Limitation of Conf bridge. Also here are some of the specifics of what calls are encrypted and what is not.

a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.

b. When encrypted phones call a non-encrypted phone, the call is not encrypted.

c. Non-encrypted phones continue calls without encryption.

d. When three encrypted phones are in a conference, the call is not encrypted (limitation of conf bridge)

e. When an encrypted phone calls an MGCP or H323 gateway (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.

f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating call is encrypted.

Sankar

PS: please remember to rate posts!
