Cisco CP-7911G-CH1 Administration Guide - Page 221
Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST
View all Cisco CP-7911G-CH1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 221 highlights
Configuring Secure SRST for SCCP and SIP How to Configure Secure Unified SRST ! Define aggregate control plane service for the active Route Processor. control-plane service-policy input control-plane-policy Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST Cisco Unified Survivable Remote Site Telephony (Cisco SRST) provides secure call signaling and Secure Real-time Transport Protocol (SRTP) for media encryption to establish a secure, encrypted connection between Cisco Unified IP Phones and gateway devices. • Prerequisites for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST, page 221 • Restrictions for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST, page 221 • Information About Cisco Unified SIP SRST Support of Secure SIP Signaling and SRTP Media, page 222 • Configuring Cisco Unified Communications Manager, page 222 • Configuring SIP SRTP for Encrypted Phones, page 223 • Configuring SIP options for Secure SIP SRST, page 224 • Configuring SIP SRST Security Policy, page 225 (optional) • Configuring SIP User Agent for Secure SIP SRST, page 226 (optional) • Verifying the Configuration, page 227 • Configuration Example for Cisco Unified SIP SRST, page 228 Prerequisites for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST • Cisco IOS Release 15.0(1)XA and later releases. • Cisco Unified IP Phone firmware release 8.5(3) or later. • Complete the prerequisites and necessary tasks found in Prerequisites for Configuring SIP SRST Features Using Back-to-Back User Agent Mode. • Prepare the Cisco Unified SIP SRST device to use certificates as documented in Setting Up Secure Survivable Remote Site Telephony. Restrictions for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST SIP phones may be configured on the Cisco Unified CM with an authenticated device security mode. The Cisco Unified CM ensures integrity and authentication for the phone using a TLS connection with NULL-SHA cipher for signaling. If an authenticated SIP phone fails over to the Cisco Unified SRST device, it will register using TCP instead of TLS/TCP, thus disabling the authenticated mode until the phone fails back to the Cisco Unified CM. • By default, non-secure TCP SIP phones are permitted to register to the SRST device on failover from the primary call control. Support for TCP SIP phones requires the secure SRST configuration described in this section even if no encrypted phones are deployed. Without the secure SIP SRST configuration, TCP phones will register to the SRST device using UDP for signaling transport. OL-13143-04 Cisco Unified SCCP and SIP SRST System Administrator Guide 221