Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PhoneProxy Enable SCCP Security

I'm trying to enable secure SCCP through our PhoneProxy. from the cli on the proxy i've entered 'set phoneproxy sccp security on' then following the directions in the Admin guide. I've gone to the ProxyAdmin tool and choose the "update cluster information" option. The application downloads the files and i can see them in the temp folder. I'm then prompted to "please plug in the eToken then click OK to sign control file." There is no indication in the instructions where to "plug in the eToken". If anyone has had any luck please hellp :)


Re: PhoneProxy Enable SCCP Security

An eToken is the USB key used (two should have been used for safekeeping) when you configured CallManager/CTL for secure SCCP.

If you didn't setup the phones/callmanager for CTL/Secure SCCP then PhoneProxy pass SRTP.

New Member

Re: PhoneProxy Enable SCCP Security

Jason - Thanks for the response..

According to the doc's, using the CLI you turn on the Secure SCCP, then goto the Admin tool and update proxy. This downloads the keys that were created during the enable process (i can see the keys in the temp workspace). There's no mention of the keys needing to be copied anywhere. This would not be so confusing if there was a dialog box to point to the location of the keys that the admin tool downloaded..

From your response, perhaps i need to be physically at the box to capture the keys to a USB stick(s)? I still don't see how these would get into the Admin tool though.. Any additional comments are much appreciated..

New Member

Re: PhoneProxy Enable SCCP Security

I admit, we need a few more sentences in the admin guide to explain where you should stick those keys. This will be addressed in the next revision of the document, but until then...

The keys (USB eTokens) should be inserted into a USB port on the administrator's PC, which is running the Managment Console (not into the actual PhoneProxy hardware). After the first key is inserted and read, the Management Console software will prompt for the next key. After that the software will sign the files with the info from the keys and then you're ready to publish that info back to the PhoneProxy.