McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 202

↗ View in doc context
page
202
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::202

Unified Communications Manager allows some types of gateways and trunks to transparently pass through the shared secret (Diffie-Hellman key) and other H.235 data between two H.235 endpoints, so the two endpoints can establish a secure media channel. To enable the passing through of H.235 data, check the H.235 pass through allowed check box in the configuration settings of the following trunks and gateways: • H.225 Trunk • ICT Gatekeeper Control • ICT non-Gatekeeper Control • H.323 Gateway For information about configuring trunks and gateways, see the Administration Guide for Cisco Unified Communications Manager . About SIP Trunk Security Profile Setup Unified Communications Manager Administration groups security-related settings for the SIP trunk to allow you to assign a single security profile to multiple SIP trunks. Security-related settings include device security mode, digest authentication, and incoming/outgoing transport type settings. You apply the configured settings to the SIP trunk when you choose the security profile in the Trunk Configuration window. Installing Unified Communications Manager provides a predefined, nonsecure SIP trunk security profile for autoregistration. To enable security features for a SIP trunk, configure a new security profile and apply it to the SIP trunk. If the trunk does not support security, choose a nonsecure profile. Only security features that the SIP trunk supports display in the security profile settings window. SIP Trunk Security Profile Setup Tips Consider the following information when you configure SIP trunk security profiles in Unified Communications Manager Administration: • When you are configuring a SIP trunk, you must select a security profile in the Trunk Configuration window. If the device does not support security, apply a nonsecure profile. • You cannot delete a security profile that is currently assigned to a device. • If you change the settings in a security profile that is already assigned to a SIP trunk, the reconfigured settings apply to all SIP trunks that are assigned that profile. • You can rename security files that are assigned to devices. The SIP trunks that are assigned the old profile name and settings assume the new profile name and settings. • If you configured the device security mode prior to a Unified Communications Manager 5.0 or later upgrade, Unified Communications Manager creates a profile for the SIP trunk and applies the profile to the device. Configure Trunk and Gateway SIP Security Task Flow Complete the following task to configure Gateway and SIP security. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 184 Basic System Security About SIP Trunk Security Profile Setup