<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>We are deploying SRTP for all voice traffic in the network…we need also to secure signaling messages between CUCM and gateways as SRTP encryption key is negotiated in the signaling phase and we don’t want this to be in clear text.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I did it before for CUCM cluster with only 2 gateways and it is working okay…but now I have more than 30 gateway “and could be more in the future” so I am concerned of CUCM server processing.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div><p class=MsoNormal style='background:white'><span style='font-size:10.0pt;color:#1F497D'> </span><span style='font-size:10.5pt;color:#1F497D'>Best Regards;<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt;color:#1F497D'> Ahmed Elnagar<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt;color:#1F497D'> Senior Network PS Engineer<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt;color:#1F497D'> Mob: +2019-0016211<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt;color:#1F497D'> CCIE#24697 (Voice)<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt;color:#1F497D'> <img width=63 height=63 id="_x0000_i1027" src="cid:image002.jpg@01CB7C96.90928090" alt="Description: ccie_voice_large.gif"><o:p></o:p></span></p></div></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Dennis Heim [mailto:Dennis.Heim@cdw.com] <br><b>Sent:</b> Friday, November 05, 2010 3:01 AM<br><b>To:</b> Ahmed Elnagar; cisco-voip@puck.nether.net<br><b>Subject:</b> RE: UC Security "IPSEC Tunnel"<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>What is driving the security requirement?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Dennis Heim<br>Network Voice Engineer<br>CDW Advanced Technology Services<br>11711 N. Meridian Street, Suite 225<br>Carmel, IN 46032<br><br>317.569.4255 Office/Home Office<br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>317.569.4201 Fax<br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>317.694.6070 Cell<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'><a href="mailto:dennis.heim@cdw.com" title="mailto:dennis.heim@berbee.com">dennis.heim@cdw.com</a><br></span><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F497D'><a href="http://www.cdw.com/content/solutions/unified-communications/">cdw.com/content/solutions/unified-communications/</a><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Ahmed Elnagar<br><b>Sent:</b> Thursday, November 04, 2010 7:58 PM<br><b>To:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> [cisco-voip] UC Security "IPSEC Tunnel"<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hello all;<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I want to secure signaling traffic between CUCM and MGCP, H323 gateways and I know that the only way is to configure IPSEC…I want to know how many IPSEC tunnels CUCM can handle…do Cisco has any sizing documents for this.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='background:white'><span style='font-size:10.0pt'> </span><span style='font-size:10.5pt'>Best Regards;<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> Ahmed Elnagar<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> Senior Network PS Engineer<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'><o:p> </o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'><img border=0 width=106 height=47 id="Picture_x0020_2" src="cid:image003.jpg@01CB7C96.90928090" alt="Description: untitled"><o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> RAYA Building El Motamiez District, 6th of October, Egypt <o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'><o:p> </o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> Mob: +2019-0016211<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> Phone: +202 3827 6000 Ext.2475<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> Website: <a href="http://www.rayacorp.com/">www.rayacorp.com</a><o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> E-mail: <a href="mailto:ahmed_elnagar@rayacorp.com">ahmed_elnagar@rayacorp.com</a><o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> CCIE#24697 (Voice)<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:10.5pt'> <img border=0 width=63 height=63 id="Picture_x0020_0" src="cid:image002.jpg@01CB7C96.90928090" alt="Description: ccie_voice_large.gif"><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'> <o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. <o:p></o:p></span></p></div><DIV> </DIV>Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. </body></html>