cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1069
Views
0
Helpful
0
Replies

Sip Trunk over tunnel IPsec on Cisco CME

alvdelafuente
Level 1
Level 1

I have a costumer with a CME installation. All his phones are SIP based and we have a sip trunk with other organization. He wants to secure the communications over this SIP trunk, but cannot use TLS and SRTP because of this:

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/manual/cmeadm/cmeauth.html#concept_B96E88E5896148AF8D3462588377AEE5 Restriction: • Secure SIP trunk is supported only on SCCP Cisco Unified CME and not on SIP Cisco Unified CME. Secure SIP lines are not supported on the Cisco Unified CME mode.

 

So the alternative is to create an IPsec tunnel from CME (on the same equipment) to the other peer, an send the voice traffic over it. But the problem I see in configure the IPSec on the CME is that I need to configure a access list to match the traffic to encrypt.

All the SIP traffic an RTP (media flow-through) came with a CME IP address, the access list do not apply to the router generated traffic, so the traffic does not encrypt.

 

¿What do you think? ¿Will it work or not?

 

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: