Table of Contents
Advertisement
Configuring Secure SRST for SCCP and SIP
! Define aggregate control plane service for the active Route Processor.
control-plane
service-policy input control-plane-policy
Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST
Cisco Unified Survivable Remote Site Telephony (Cisco SRST) provides secure call signaling and
Secure Real-time Transport Protocol (SRTP) for media encryption to establish a secure, encrypted
connection between Cisco Unified IP Phones and gateway devices.
•
•
•
•
•
•
•
•
•
•
Prerequisites for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST
•
•
•
•
Restrictions for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST
SIP phones may be configured on the Cisco Unified CM with an authenticated device security mode.
The Cisco Unified CM ensures integrity and authentication for the phone using a TLS connection with
NULL-SHA cipher for signaling. If an authenticated SIP phone fails over to the Cisco Unified SRST
device, it will register using TCP instead of TLS/TCP, thus disabling the authenticated mode until the
phone fails back to the Cisco Unified CM.
•
OL-13143-04
Prerequisites for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST,
page 221
Restrictions for Configuring Secure SIP Call Signaling and SRTP Media with Cisco SRST, page 221
Information About Cisco Unified SIP SRST Support of Secure SIP Signaling and SRTP Media,
page 222
Configuring Cisco Unified Communications Manager, page 222
Configuring SIP SRTP for Encrypted Phones, page 223
Configuring SIP options for Secure SIP SRST, page 224
Configuring SIP SRST Security Policy, page 225
Configuring SIP User Agent for Secure SIP SRST, page 226
Verifying the Configuration, page 227
Configuration Example for Cisco Unified SIP SRST, page 228
Cisco IOS Release 15.0(1)XA and later releases.
Cisco Unified IP Phone firmware release 8.5(3) or later.
Complete the prerequisites and necessary tasks found in
Features Using Back-to-Back User Agent Mode.
Prepare the Cisco Unified SIP SRST device to use certificates as documented in
Survivable Remote Site
Telephony.
By default, non-secure TCP SIP phones are permitted to register to the SRST device on failover from
the primary call control. Support for TCP SIP phones requires the secure SRST configuration
described in this section even if no encrypted phones are deployed. Without the secure SIP SRST
configuration, TCP phones will register to the SRST device using UDP for signaling transport.
(optional)
(optional)
Prerequisites for Configuring SIP SRST
Cisco Unified SCCP and SIP SRST System Administrator Guide
How to Configure Secure Unified SRST
Setting Up Secure
221
Advertisement
Table of Contents
Troubleshooting
