Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SRTP CUCM 7.X

hi,

I have a lab setup with Cisco UCM 7.0.2 and i have two phones registered to the CUCM , one SIP and one SCCP phone.

I have another 3rd party PBX with phones ringing these two phones. I want to enable SRTP and my main question is as follows:

to activate SRTP for the Cisco phones do i need to set my CUCM to mixed mode ?

Both Cisco phones have MIC certs installed on them and looking at the settings on the phones it looks like the phones

are in non-secure mode. I used CTL client to see could i change the CUCM to mixed mode but i get a response saying i need

a security token.

/Tom

Everyone's tags (2)
7 REPLIES
Cisco Employee

Re: SRTP CUCM 7.X

You need 2 security tokens for that, if you don't have them it's impossible to enable encryption.

Configuring the Cisco CTL Client

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_1_2/secugd/secuauth.html

Before you configure the Cisco CTL Client, verify that you activated the Cisco CTL Provider service and the Cisco Certificate Authority Proxy Function service in Cisco Unified Serviceability. Obtain at least two security tokens; the Cisco certificate authority issues these security tokens. The security tokens must come from Cisco. You will insert the tokens one at a time into the USB port on the server/workstation. If you do not have a USB port on the server, you may use a USB PCI card.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

Re: SRTP CUCM 7.X

thanks for the speedy response Java

I have one more question to clarify more for me.

I understand now that i need two Security Tokens to enable mixed mode for the CUCM.

Is it neccesary to put LSC certs onto the phone also for SRTP or should the MIC certs suffice ?

New Member

SRTP CUCM 7.X

Is is possible to use security tokens in vmware environment installation refers to the CUCM 9.0?

Re: SRTP CUCM 7.X

I think you can use the same CTL for vmware cobsider the usb will be connected to the admin pc with the ctl client software not the server itself.

The the ctl client will insert the certs into the cucm cluster.

Sent from Cisco Technical Support iPhone App

New Member

Re: SRTP CUCM 7.X

I mean is it possible to change CUCM on vmware to the mixed mode?

Cisco Employee

SRTP CUCM 7.X

Yes, just follow the instructions from the CUCM security guide.

Whether it's on an MCS or a UCS makes no difference.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

Re: SRTP CUCM 7.X

It is strongly recommended that you use LSC's as opposed to MIC's

 

 

 

Tip

Cisco recommends that you use manufacturer-installed certificates (MICs) for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with Cisco Unified Communications Manager. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.

2980
Views
0
Helpful
7
Replies