10-09-2006 03:58 PM - edited 03-13-2019 03:17 PM
CCM 4.13 starts support authentication and encryption. It seems only support sccp and mgcp. what about h323 and sip? Thanks
10-09-2006 04:15 PM
With h323 you need an IOS version (minimum) of 12.4.6T on the routers to run SRTP.
dial-peer voice 10 voip
srtp
To encrypt signalling, you have to create IPSEC tunnels to Callmanager (pub and sub). You have to use the IPSEC policy wizard in Callmanager to create the tunnels. (You can access this using secpol.msc). You need to create two instances of the same crypto map on the router (one to pub and one to sub).
I am not sure if encryption for SIP is there yet. Probably coming soon! (I could be wrong)
HTH
Sankar
PS: please remember to rate posts!
10-09-2006 05:15 PM
Can you set the encryption for only a few phones or is is all or nothing?
10-09-2006 05:19 PM
Mixed mode means you can run encrypted and non encrypted phones together. Just that auto reg will be disabled. Here are a few scenarios.
a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.
b. When encrypted phones call a non encrypted phones, the call is unencrypted
c. non encrypted phones continue calls without encryption
d. When three encrypted phones are in a conference, the call is not encrypted (limitation of conf bridge)
e. When an encrypted phone calls a MGCP or H323 gateway, (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.
f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating call is encrypted.
HTH
Sankar.
PS: please remember to rate posts!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: