Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Encryption IP Phone and Gateways

All,

I configured the cenario:

Resources:

CUCM 8.6.2.20000-2

Voice Gateway: c3900-universalk9-mz.SPA.151-4.M2.bin plus UC License.

The Ip Phones are configured and working.

For the Voice Gateway the Signaling Protocol is SIP.

I configured the commands:

crypto pki token default removal timeout 0
!
crypto pki trustpoint gateway
enrollment url http://192.168.4.10:80
serial-number
fqdn none
ip-address 192.168.64.167
password 7 1124292328362D3354787F64
subject-name CN=192.168.64.167
revocation-check none
rsakeypair gateway
!

I'd copied the servers certificate to the gateway and I'd copied the certificate of the gateway to servers.

In the voice service voip I can't configure "session transport tcp tls" and I think this is because I don't have Security License.

I configured only "srtp negotiate cisco".


voice service voip
ip address trusted list
  ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
sip
  bind control source-interface Loopback0
  bind media source-interface Loopback0
  session transport tcp
  srtp negotiate cisco
!


In the other side (CUCM) I configured "SRTP Allowed" only.

Question: Is this a possible design?

Somebody can help me?

Thanks,

Luciane de Medeiros

            

Everyone's tags (5)
252
Views
0
Helpful
0
Replies
CreatePlease to create content