McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 916

↗ View in doc context
page
916
source
cucm/v15/feature-config-guide/feature-config-guide.md
chunk_id
cucm::v15::feature-config-guide::feature-config-guide::865

Encrypted iX Channel Unified Communications Manager supports an encrypted iX channel. The iX channel provides a reliable channel for multiplexing application media between SIP phones in a video conference. Encrypted iX Channel uses DTLS to add security to your deployment and ensures that the application media is sent over the iX Channel is private and cannot be viewed by intermediate parties who attempt to intercept media. IOS MTP and RSVP agents in pass through mode also support encrypted iX Channel. Configuration To enable an encrypted iX Channel on Unified Communications Manager, you must: • Check the Allow iX Application Media check box in the SIP Profile Configuration that is used by any intermediate SIP trunks. This setting turns on the iX channel negotiation. • Configure the Secure Call Icon Display Policy service parameter to enable a secure lock icon. By default, the setting is All media except BFCP and iX transports must be encrypted. Encryption Modes There are two types of Session Description Protocol (SDP) offers thatUnified Communications Manager supports for iX Channel encryption for encrypted phones. This encryption type is driven by what the endpoints support and is not a configurable item in the Unified Communications Manager. • Best Effort Encryption—The SDP offer is for an encrypted iX Channel, but falls back to a non-encrypted iX Channel if the SIP peers do not support it. This approach can be used if encryption is not mandatory in the solution. For example, encryption is mandatory within the cloud, and not in a single enterprise. Best-Effort iX Encryption m=application 12345 UDP/UDT/IX * a=setup:actpass a=fingerprint: SHA-1 <key> • Forced Encryption—The SDP offer is for an encrypted iX Channel only. This offer is rejected if the SIP peers do not support iX Channel encryption. This approach can be used in deployments where encryption is mandatory between endpoints. For example, encryption is mandatory between the two SIP devices. Forced iX Encryption m=application 12345 UDP/DTLS/UDT/IX * a=setup:actpass a=fingerprint: SHA-1 <key> By default, all Cisco IP Phones are set to offer Best Effort iX Encryption. However, you can reset this to Forced Encryption by setting the Encryption Mode to On within the Product-Specific Configuration of Cisco TelePresence endpoints, or by reconfiguring settings on the Cisco Meeting Server. Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 874 SIP Interoperability Encrypted iX Channel