Unity Connection 9.1 (How to force encrypted connections only)

Blair Telecom
Level 1

We are running Unity Connection Server 9.1 and CUCI-Lync 8.6. I know how to configure the CUCI client to make encrypted connections to Unity, but is there a way to configure Unity Connection to ONLY accept encrypted TLS IMAP connections?

Thanks,

Chris

4 Replies

Paulo Dobles
Cisco Employee

Hi

I just worked a similar TAC case and there's no real "best practice". You have the option to encrypt traffic or not, the one you already know. The clients used to connect to UC are what initiate an encrypted request, not the server. And of course, in the following doc, it indicates that the clients need to be configured to use encryption (which may be different for all kinds of clients out there) and the self-signed certificate should work just fine as long as the client has accepted the certificate and added it to its local certificate store.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/9x/security/guide/9xcucsec065.html#wp1053085

As an example, in this scenario TAC would end up going step by step through the configuration guide to make sure everything was done, so we will want to eliminate anything covered in the documentation first.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsag215.html

As referenced in CSCuc04100, the feature is still not yet implemented or planned. So it's still up to the customer's client configurations or infrastructure to prevent non-secure IMAP connections. There is no way currently to force it from the Unity Connection server's configuration yet.

Best regards,

Paulo Dobles

Cisco TAC Support Engineer, Unity

Blair Telecom
Level 1

Hi Paulo,

I started reading your post and it sounded so familiar. LOL, turns out your post here was word for word in the e-mail you sent to another tech at my company that opened "the similar TAC case" you referred to.

Thanks for your reply!

Regards,

Chris

OK, I see. Could you please share the procedure you used to configure the CUCI client to make encrypted connections to Unity, for future reference?

Thanks

Best regards,

Paulo Dobles

To configure CUCI-Lync 8.5 for an encrypted connection to Unity Connection Server 9.1:

Make the following settings in the registry of the client computer (Win 7):

Computer\HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Client Services Framework\AdminData

"VVM_Mailstore_ImapProtocol_0"="TLS"

"VVM_Mailstore_ImapProtocol_1"="TLS"

"VVM_Mailstore_ImapPort_0"="7993"

"VVM_Mailstore_ImapPort_1"="7993"

"VVM_Mailstore_EncryptedConnection"="true"

After you have made these changes, restart Cisco UC and your connection will be encrypted.

I believe these are the same registry key changes for CUCI v9.2 as well.

As far as blocking unencrypted connections, we are looking to create ACLs on the Unity server switch port to deny TCP 143 connections as our interim solution.

Chris
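
The registry settings and the interim port 143 block described in the posts above, as an added PowerShell example that is not part of the original thread: it reports any of the five values that differ from those listed and checks from the client whether TCP 143 on the server still accepts connections. The host name `unity.example.invalid` and the helper names `Get-VvmTlsDrift` and `Test-TcpPort` are assumptions made for illustration.

```powershell
# Added example (not from the thread): audit the client TLS values, then probe TCP 143.
param(
    [switch]$Fix,                                  # rewrite values that differ
    [string]$UnityHost = 'unity.example.invalid'   # ASSUMPTION: placeholder server name
)

$key = 'HKCU:\Software\Policies\Cisco Systems, Inc.\Client Services Framework\AdminData'
$expected = @{   # names and values exactly as given in the post
    'VVM_Mailstore_ImapProtocol_0'      = 'TLS'
    'VVM_Mailstore_ImapProtocol_1'      = 'TLS'
    'VVM_Mailstore_ImapPort_0'          = '7993'
    'VVM_Mailstore_ImapPort_1'          = '7993'
    'VVM_Mailstore_EncryptedConnection' = 'true'
}

function Get-VvmTlsDrift {   # hypothetical helper: one object per wrong or missing value
    param([string]$Path, [hashtable]$Expected, [switch]$Fix)
    $current = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $actual = if ($current) { $current.$name } else { $null }
        if ($actual -ne $Expected[$name]) {
            New-Object psobject -Property @{
                Name = $name; Actual = $actual; Expected = $Expected[$name] }
            if ($Fix) {
                if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
                New-ItemProperty -Path $Path -Name $name -Value $Expected[$name] `
                    -PropertyType String -Force | Out-Null   # REG_SZ, as in the post
            }
        }
    }
}

function Test-TcpPort {      # hypothetical helper: $true if a TCP connect succeeds
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

$drift = @(Get-VvmTlsDrift -Path $key -Expected $expected -Fix:$Fix)
if ($drift.Count) { $drift | Format-Table Name, Actual, Expected -AutoSize } else {
    'Registry: all five values match.' }
if (Test-TcpPort -HostName $UnityHost -Port 143) {
    Write-Warning "TCP 143 on $UnityHost is reachable from here: cleartext IMAP is not blocked."
} else { "TCP 143 on $UnityHost is not reachable from this client." }
```

Run it without `-Fix` to report only. The key is under HKEY_CURRENT_USER, so the result applies to the user whose session runs the script.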