[cisco-voip] Looking for advice on sRTP using tokenless CTL

Ryan Huff ryanhuff at outlook.com
Tue Oct 17 14:01:32 EDT 2017


Looking at enabling sRTP on a 10.x cluster (CUCM, EXPRESSWAY, CXN, UCCX). As I have been researching this topic, I’ve found the “riskiest” task to be enabling CTL / Mixed Mode in CUCM, specifically if you have devices that do not support Security By Default.

It’s my understanding that once the callmanager cert changes, any device that can’t negotiate with the TVS service to establish verification will not be able to download the new CTL, and therefore not be able to re-register to CUCM until their CTL is removed.

The device/trunk security profile configurations seem straightforward, as do the steps to take on CUBE and Expressway (regarding the trunk security).

I haven’t completed my research into the CXN/UCCX requirements for SRTP with CUCM.

Are there any other major/general pitfalls I should look out for? Anyone have any horror stories or lessons learned to share?

Thanks,

Ryan