[cisco-voip] Secure calls between CUCM and CUCME

Phil G pgciscovoip at gmx.net
Mon Jan 18 09:56:52 EST 2010


Thanks for your answer.

But as far as I know TLS is only supported on CUCM with SIP-trunks (and 
SCCP/SIP-line side). CME does support TLS with SCCP-line side only, but 
not with H323. That means, we have to configure IPSec between CUCM and all 
CMEs?



Nick Matthews wrote:
> I haven't personally done this, but it should work.  SRTP keys will be
> negotiated in the H.225 exchange in H.323.  For H.323, CME won't even
> know the difference between a CME and CUCM.  The GK isn't even
> involved in anything but call routing/bandwidth, so the question is if
> CME and CUCM support SRTP/TLS, which they do.
> 
> -nick
> 
> On Sun, Jan 17, 2010 at 5:52 AM, Phil G <pgciscovoip at gmx.net> wrote:
>> Hi!
>>
>> Has anyone experience with secure calls between a CUCM-Cluster and a
>> CUCME-deployment connected through a gatekeeper?
>>
>> Security-configuration (CTL-file, CAPF etc.) on CUCM-Cluster is obvious for
>> me.
>> Security-configuration (CTL-file, CAPF etc.) on CUCME is obvious for me.
>>
>> But are secure calls between CUCM and CUCME possible (I know that secure
>> calls between 2 CUCMEs are possible)? In CUCM-Admin we have a GK-controlled
>> Intercluster-Trunk pointing to the CUCMEs.
>>
>> How will the SRTP-keys be exchanged? BTW: How will the SRTP-keys be
>> exchanged between 2 CUCMEs?
>>
>> Another question:
>>
>> Let's say we have a CUCME configured with security. In CUCME we do not have
>> any security tokens, what if we have to replace the CUCME-router, how do we
>> sign the CTL-file with the old security "tokens" (which are 2
>> SAST-certificates), so that we do not have to delete the old CTL-file
>> manually?
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>


