cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
238
Views
7
Helpful
3
Replies

ccm 4 security

ciscoforum
Level 1
Level 1

CCM 4.13 starts support authentication and encryption. It seems only support sccp and mgcp. what about h323 and sip? Thanks

3 Replies 3

thisisshanky
Level 11
Level 11

With h323 you need an IOS version (minimum) of 12.4.6T on the routers to run SRTP.

dial-peer voice 10 voip

srtp

To encrypt signalling, you have to create IPSEC tunnels to Callmanager (pub and sub). You have to use the IPSEC policy wizard in Callmanager to create the tunnels. (You can access this using secpol.msc). You need to create two instances of the same crypto map on the router (one to pub and one to sub).

I am not sure if encryption for SIP is there yet. Probably coming soon! (I could be wrong)

HTH

Sankar

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Can you set the encryption for only a few phones or is is all or nothing?

Mixed mode means you can run encrypted and non encrypted phones together. Just that auto reg will be disabled. Here are a few scenarios.

a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.

b. When encrypted phones call a non encrypted phones, the call is unencrypted

c. non encrypted phones continue calls without encryption

d. When three encrypted phones are in a conference, the call is not encrypted (limitation of conf bridge)

e. When an encrypted phone calls a MGCP or H323 gateway, (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.

f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating call is encrypted.

HTH

Sankar.

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: