McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 182

↗ View in doc context
page
182
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::178

• The media security policy that is configured for your system may alter secure conference behavior; for example, an endpoint will use media security according to the system media security policy, even when participating in a conference call with endpoints that do no support media security. CiscoUnifiedCommunicationsManagerRestrictionswithSecureConference This section describes Unified Communications Manager restrictions with secure conferencing feature. • Encrypted Cisco IP Phones that are running release 8.2 or earlier can only participate in a secure conference as authenticated or nonsecure participants. • Cisco Unified IP Phones that are running release 8.3 with an previous release of Unified Communications Manager will display their connection security status, not the conference security status, during a conference call and do not support secure conference features like conference list. • Cisco Unified IP Phones 7800 and 7911G do not support conference list. • Due to bandwidth requirements, Cisco Unified IP Phones 7942 and 7962 do not support barge from an encrypted device on an active encrypted call. The barge attempt will fail. • Cisco Unified IP Phone 7931G does not support conference chaining. • Phones that are calling over SIP trunks get treated as nonsecure phones, regardless of their device security status. • If a secure phone attempts to join a secure meet-me conference over a SIP trunk, the call gets dropped. Because SIP trunks do not support providing the “device not authorized” message to a phone that is running SIP, the phone does not update with this message. In addition, 7962 phones that are running SIP do not support the “device not authorized” message. • In intercluster environments, the conference list does not display for off-cluster participants; however, the security status for the connection displays next to the Conference softkey as long as the connection between the clusters supports it. For example, for H.323 ICT connections, the authentication icon does not display (the system treats the authenticated connection as nonsecure), but the encryption icon displays for an encrypted connection. Off-cluster participants can create their own conference that connects to another cluster across the cluster boundary. The system treats the connected conferences as a basic, two-party call. Securing Conference Resources Tips Consider the following information before you configure secure conference bridge resources: • Use localization if you want the phone to display custom text for secure conference messages. Refer to the Unified Communications Manager Locale Installer documentation for more information. • The conference or built-in bridge must support encryption to secure conference calls. • To enable secure conference bridge registration, set the cluster security mode to mixed mode. • Ensure the phone that initiates a conference is authenticated or encrypted to procure a secure conference bridge. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 164 Basic System Security Cisco Unified Communications Manager Restrictions with Secure Conference