McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 205

↗ View in doc context
page
205
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::205

Table 32: SIP Trunk Security Profile Configuration Settings Description Setting Enter a name for the security profile. When you save the new profile, the name displays in the SIP Trunk Security Profile drop-down list in the Trunk Configuration window. Name Enter a description for the security profile. The description can include up to 50 characters in any language, but it cannot include double-quotes ("), percentage sign (%), ampersand (&), back-slash (), or angle brackets (<>). Description From the drop-down list, choose one of the following options: • Non Secure—No security features except image authentication apply. A TCP or UDP connection opens to Unified Communications Manager. • Authenticated—Unified Communications Manager provides integrity and authentication for the trunk. A TLS connection that uses NULL/SHA opens. • Encrypted— Unified Communications Manager provides integrity, authentication, and signaling encryption for the trunk. A TLS connection that uses AES128/SHA opens for signaling. Note If the trunks are configured with Device Security Profile option selected as Authenticated, then Unified Communications Manager starts a TLS connection that uses NULL_SHA cipher (without data encryption). These trunks will not register or make calls if the destination devices do not support NULL_SHA cipher. For destination devices that do not support NULL_SHA cipher, the trunks should be configured with Device Security Profile option selected as Encrypted. With this device security profile, the trunks offer additional TLS ciphers that enables data encryption. Note This Note is applicable from Release 15SU2 onwards. When the minimum supported TLS version on Unified CM is set to 1.3, the trunks with Authenticated Device Security Mode will fail to connect with the destination. Device Security Mode When Device Security Mode is Non Secure TCP+UDP specifies the transport type. When Device Security Mode is Authenticated or Encrypted, TLS specifies the transport type. Note The Transport Layer Security (TLS) protocol secures the connection between Unified Communications Manager and the trunk. Incoming Transport Type Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 187 Basic System Security SIP Trunk Security Profile Settings