Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ccm 4 security

CCM 4.13 starts support authentication and encryption. It seems only support sccp and mgcp. what about h323 and sip? Thanks


Re: ccm 4 security

With h323 you need an IOS version (minimum) of 12.4.6T on the routers to run SRTP.

dial-peer voice 10 voip


To encrypt signalling, you have to create IPSEC tunnels to Callmanager (pub and sub). You have to use the IPSEC policy wizard in Callmanager to create the tunnels. (You can access this using secpol.msc). You need to create two instances of the same crypto map on the router (one to pub and one to sub).

I am not sure if encryption for SIP is there yet. Probably coming soon! (I could be wrong)



PS: please remember to rate posts!

New Member

Re: ccm 4 security

Can you set the encryption for only a few phones or is is all or nothing?

Re: ccm 4 security

Mixed mode means you can run encrypted and non encrypted phones together. Just that auto reg will be disabled. Here are a few scenarios.

a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.

b. When encrypted phones call a non encrypted phones, the call is unencrypted

c. non encrypted phones continue calls without encryption

d. When three encrypted phones are in a conference, the call is not encrypted (limitation of conf bridge)

e. When an encrypted phone calls a MGCP or H323 gateway, (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.

f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating call is encrypted.



PS: please remember to rate posts!

CreatePlease to create content