[cisco-voip] Secure calls between CUCM and CUCME

Nick Matthews matthnick at gmail.com
Sun Jan 17 13:23:16 EST 2010


I haven't personally done this, but it should work.  SRTP keys will be
negotiated in the H.225 exchange in H.323.  For H.323, CME won't even
know the difference between a CME and CUCM.  The GK isn't even
involved in anything but call routing/bandwidth, so the question is if
CME and CUCM support SRTP/TLS, which they do.

-nick

On Sun, Jan 17, 2010 at 5:52 AM, Phil G <pgciscovoip at gmx.net> wrote:
> Hi!
>
> Has anyone experience with secure calls between a CUCM-Cluster and a
> CUCME-deployment connected through a gatekeeper?
>
> Security-configuration (CTL-file, CAPFetc.) on CUCM-Cluster is obvious for
> me.
> Security-configuration (CTL-file,CAPF etc.) on CUCME is obvious for me.
>
> But are secure calls between CUCM and CUCME possible (i know that secure
> calls between 2 CUCMEs are possible)? In CUCM-Admin we have a GK-controlled
> Intercluster-Trunk pointing to the CUCMEs.
>
> How will the SRTP-keys be exchanged? BTW: How will the SRTP-keys be
> exchanged between 2 CUCMEs?
>
> Another question:
>
> Lets say we have a CUCME configured with security. In CUCME we do not have
> any security tokens, what if we have to replace the CUCME-router, how do we
> sign the CTL-file with the old security "tokens" (which are 2
> SAST-certificates),so that we do not have to delete the old CTL-file
> manually?
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>


More information about the cisco-voip mailing list