[cisco-voip] Secure calls between CUCM and CUCME
Phil G
pgciscovoip at gmx.net
Mon Jan 18 09:56:52 EST 2010
Thanks for your answer.
But as far as i know TLS is only supported on CUCM with SIP-trunks (and
SCCP/SIP-line side). CME does support TLS with SCCP-line side only, but
not with H323. That means, we have to confige IPSec between CUCM and all
CMEs?
Nick Matthews wrote:
> I haven't personally done this, but it should work. SRTP keys will be
> negotiated in the H.225 exchange in H.323. For H.323, CME won't even
> know the difference between a CME and CUCM. The GK isn't even
> involved in anything but call routing/bandwidth, so the question is if
> CME and CUCM support SRTP/TLS, which they do.
>
> -nick
>
> On Sun, Jan 17, 2010 at 5:52 AM, Phil G <pgciscovoip at gmx.net> wrote:
>> Hi!
>>
>> Has anyone experience with secure calls between a CUCM-Cluster and a
>> CUCME-deployment connected through a gatekeeper?
>>
>> Security-configuration (CTL-file, CAPFetc.) on CUCM-Cluster is obvious for
>> me.
>> Security-configuration (CTL-file,CAPF etc.) on CUCME is obvious for me.
>>
>> But are secure calls between CUCM and CUCME possible (i know that secure
>> calls between 2 CUCMEs are possible)? In CUCM-Admin we have a GK-controlled
>> Intercluster-Trunk pointing to the CUCMEs.
>>
>> How will the SRTP-keys be exchanged? BTW: How will the SRTP-keys be
>> exchanged between 2 CUCMEs?
>>
>> Another question:
>>
>> Lets say we have a CUCME configured with security. In CUCME we do not have
>> any security tokens, what if we have to replace the CUCME-router, how do we
>> sign the CTL-file with the old security "tokens" (which are 2
>> SAST-certificates),so that we do not have to delete the old CTL-file
>> manually?
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
More information about the cisco-voip
mailing list