Procedure

Step 1
Command or Action: Set Up Secure Gateways and Trunks
Purpose: Enable secure Gateways and Trunks for security.

Step 2
Command or Action: Set Up SIP Trunk Security Profile
Purpose: Add, update, or copy a SIP trunk security profile.

Step 3
Command or Action: Apply SIP Trunk Security Profile
Purpose: Enable a SIP trunk security profile to the trunk and apply security profile to a device.

Step 4
Command or Action: Synchronize SIP Trunk Security Profile with SIP Trunks
Purpose: Synchronize SIP trunks with a SIP Trunk security profile.

Step 5
Command or Action: Allow SRTP Using Unified Communications Manager Administration
Purpose: Configure the SRTP Allowed option for H.323 gateways and gatekeeper or non-gatekeeper controlled H.323/H.245/H.225 trunks or SIP trunks.

Set Up Secure Gateways and Trunks

Use this procedure in conjunction with the document, Media and Signaling Authentication and Encryption Feature for Cisco IOS MGCP Gateways, which provides information on how to configure your Cisco IOS MGCP gateways for security.

Procedure

Step 1 Verify that you have run the utils ctl command to set the cluster in mixed mode.

Step 2 Verify that you configured the phones for encryption.

Step 3 Configure IPSec.
Tip: You may configure IPSec in the network infrastructure, or you may configure IPSec between Unified Communications Manager and the gateway or trunk. If you implement one method to set up IPSec, you do not need to implement the other method.

Step 4 For H.323 IOS gateways and intercluster trunks, check the SRTP Allowed check box in Unified Communications Manager. The SRTP Allowed check box displays in the Trunk Configuration or Gateway Configuration window. For information on how to display these windows, refer to the trunk and gateway chapters in the Administration Guide for Cisco Unified Communications Manager.

Step 5 For SIP trunks, configure the SIP trunk security profile and apply it to the trunk(s), if you have not already done so. Also, be sure to check the SRTP Allowed check box in the Device > Trunk > SIP Trunk Configuration window.
Caution: If you check the SRTP Allowed check box, we recommend that you use an encrypted TLS profile, so that keys and other security-related information are not exposed during call negotiations. If you use a non-secure profile, SRTP will still work, but the keys will be exposed in signaling and traces. In that case, you must ensure the security of the network between Unified Communications Manager and the destination side of the trunk.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs
Basic System Security
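The exposure described in the Caution can be checked for in a captured signaling trace. The following is an added example, not code from the Cisco guide: it assumes the trace is plain-text SIP and that SRTP keys are carried as SDES `a=crypto` attributes in the SDP body (RFC 4568). The function name `audit_trace` and the sample trace are constructed for illustration. It reports every key that travelled over a transport other than TLS and redacts all key material so the trace can be shared.

```python
import re

# Constructed sample trace: two SIP INVITEs with SDP. Addresses, Call-IDs and
# key strings are invented for this example and are not real key material.
SAMPLE_TRACE = """\
INVITE sip:2001@10.0.0.20:5060 SIP/2.0
Via: SIP/2.0/TCP 10.0.0.10:5060;branch=z9hG4bK-constructed-1
Call-ID: constructed-call-1@10.0.0.10
Content-Type: application/sdp

v=0
m=audio 24580 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EXAMPLEKEY0000000000000000000000000000AA

INVITE sip:2002@10.0.0.20:5061 SIP/2.0
Via: SIP/2.0/TLS 10.0.0.10:5061;branch=z9hG4bK-constructed-2
Call-ID: constructed-call-2@10.0.0.10
Content-Type: application/sdp

v=0
m=audio 24582 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EXAMPLEKEY1111111111111111111111111111BB|2^20
"""

# SIP start line, topmost Via transport, Call-ID, and the SDES key attribute.
START = re.compile(r"(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3}( .*)?)$")
VIA = re.compile(r"(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I)
CALL_ID = re.compile(r"(?:Call-ID|i)\s*:\s*(\S+)", re.I)
CRYPTO = re.compile(r"(a=crypto:\d+ (\S+) inline:)([^|\s]+)(.*)$")

def audit_trace(text):
    """Return (findings, redacted_text). A finding is (call_id, transport,
    suite) for each SDES key sent over a transport other than TLS."""
    findings, out = [], []
    transport = call_id = None
    for line in text.splitlines():
        if START.match(line):
            transport = call_id = None            # a new SIP message begins
        elif transport is None and (m := VIA.match(line)):
            transport = m.group(1).upper()        # topmost Via is this hop
        elif m := CALL_ID.match(line):
            call_id = m.group(1)
        elif m := CRYPTO.match(line):
            if transport != "TLS":                # key was visible on the wire
                findings.append((call_id, transport, m.group(2)))
            line = f"{m.group(1)}[REDACTED]{m.group(4)}"  # keep lifetime/MKI
        out.append(line)
    return findings, "\n".join(out) + "\n"
```

Keys are redacted for both messages because a trace written by the call-processing node holds the SDP in clear text regardless of the transport used on the wire.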