Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
6
Replies

Encryption in CM 4.1.3

balukr
Level 2
Level 2

‎09-13-2005 05:49 PM - edited ‎03-15-2019 03:42 AM

I have CM 4.1.3 SR1 and we want to encrypt all the calls between IP phones.

I know for that we have to register the phones with encryption in "Device Security mode" .

I read couple of documents and setup CAPF,Ran CTL client,USB key with security tokens in CM.After some time I was able to register just two phones with encryption and works great.All other phones I tried giving an error "Registration Rejected" .I delete the certificate on Phone still no help.

I tried even new phones it gives the same error.

My question is if I want to add a phone with encryption what is the exact procedure I need to follow so I won't get any error and register the phones without any problem.

If I follow the Cisco document it is little confusing.

As always appreciate your help.

Thanks

Balu

Labels:
0 Helpful
6 Replies 6

mciarfello
Level 4
Level 4

‎09-14-2005 06:24 AM

I want to try out the encryption and/or authentication, but haven't gotten the USB token yet. Where did you get it from?

Thanks

0 Helpful

balukr
Level 2
Level 2
In response to mciarfello

‎09-14-2005 07:36 AM

From Cisco directly.It is separate part list so you have to order separately and you need minimum two keys.

0 Helpful

mciarfello
Level 4
Level 4
In response to balukr

‎09-14-2005 09:36 AM

Yea, I saw those. I guess I was hoping something different could be used. Actually, the last time I checked, Cisco didn't sell them directly. You needed to go third party.

Thanks for responding.

0 Helpful

pbarman
Level 5
Level 5

‎10-13-2005 08:44 AM

Balu,

You have to install the LSC (Locally Significant Certificates) on the IP Phones first before you turn on Encryption for the 7940/7960 Phones.

7970 has MIC (Manufacture Installed Certificates), so depending on your CAPF settings, they may download the LSC successfully and register.

But the 7940 and 7960 phones do not have MIC and you have to install the LSC on those phones first and look at the CAPF status if the certificate install was successful. Once successful, you change the Device Security Mode on the Phone to Encrypted and Reset.

I have set the Enterprise Parameter for Device Security Mode to Non-Secure and changed the Device Security Mode on Phones instead to Encrypted.

Atleast thats the way I did it and got it to work successfully for one of our customers. No problems experienced, it's working like a charm.

Thanks,

Partha

0 Helpful

mwadam
Level 1
Level 1
In response to pbarman

‎11-04-2005 11:29 AM

Partha,

I assume that when you state that you have to install the LSC on the 7940/60 first, that you are using the Security menu on the phone to enter the authentication string manually to install the LSC? This is the only way I have been able to get the 7940/60 to work. Have you found a way to get the LSC on the 7940/60 automatically? I have 500 phones I need to set this up on. Touching each phone individually will really be a slow process.

Thanks!!!

Adam

0 Helpful

jrsteele21
Spotlight
Spotlight
In response to mwadam

‎03-02-2006 10:39 AM

Adam,

I am trying to find the same answer about installing the LSC automatically to multiple phones. Did you happen to get an answer on that?

thanks

0 Helpful
Customers Also Viewed These Support Documents