Configuring CUBE mixed mode running UDP/TCP and TLS

Hi,

 

Current scenario:

CUBE is operating on TCP/UDP over the "SIP TRUNK/Dial-peer" via session target on dial-peers, and on the system there is only the Cisco self-signed certificate and trust point.

 

Question:

Can I keep this environment working and also add a signed certificate with its own trust point and force only 1 "SIP TRUNK/Dial-Peer" via session target to make use of a TLS connection without affecting the system globally, i.e. causing the rest of the dial-peers to also expect TLS "Certificate auth" connections?

Or is it possible to have a mixture running of plain UDP/TCP sessions and specify TLS sessions to specific destinations?

 

Best Regards

Accepted Solutions

Just to share the feedback I got back, so mixed mode is possible and as per my initial question it can be done on dial-peer level, not global.

You can use the CUBE in mixed-mode by explicitly giving session transport at dial-peer level.

The dial-peer level config will take preference over the global config.

Just to confirm, when I set up TLS on session transport under the dial-peer it will make use of my signed certificate and the signed certificate and the 3rd party certificate won’t interfere with the original setup using TCP/UDP?

If you configure TLS then the other party has to have the certificates to complete the handshake. If the configuration exists at the 3rd party end and can exchange certificates then there will not be any issues.

If you configure tcp/udp then there will not be any issues.

Best Regards

View solution in original post
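
The precedence rule in the accepted answer (dial-peer level `session transport` overrides the global setting) can be checked against a saved running-config. The script below is an added example, not part of the original thread or Cisco's tooling; the config excerpt, dial-peer tags and addresses are constructed, and it assumes UDP is used when no `session transport` is configured anywhere.

```python
import re

# Constructed running-config excerpt; tags and addresses are made up for illustration.
SAMPLE_CONFIG = """\
voice service voip
 sip
  session transport udp
!
dial-peer voice 100 voip
 session protocol sipv2
 session target ipv4:192.0.2.10
!
dial-peer voice 200 voip
 session protocol sipv2
 session target ipv4:198.51.100.20:5061
 session transport tcp tls
!
dial-peer voice 300 voip
 session protocol sipv2
 session target ipv4:192.0.2.30
 session transport tcp
!
"""

TRANSPORT = re.compile(r"session transport (udp|tcp tls|tcp)$")
DIAL_PEER = re.compile(r"dial-peer voice (\d+) voip$")


def effective_transports(config, default="udp"):
    """Map dial-peer tag -> (transport, where it was set).

    Assumption: with no 'session transport' anywhere, SIP signaling uses UDP.
    """
    global_transport, peers, section, tag = None, {}, None, None
    for line in config.splitlines():
        text = line.strip()
        if line and not line[0].isspace():  # a top-level line starts a new section
            m = DIAL_PEER.match(text)
            tag = m.group(1) if m else None
            section = "peer" if m else ("global" if text == "voice service voip" else None)
            if m:
                peers[tag] = None
            continue
        m = TRANSPORT.match(text)
        if m and section == "peer":
            peers[tag] = m.group(1)
        elif m and section == "global":
            global_transport = m.group(1)
    fallback = global_transport or default
    return {t: (v, "dial-peer") if v else (fallback, "inherited") for t, v in peers.items()}


def cleartext_peers(config):
    """Dial-peers whose SIP signaling is not protected by TLS."""
    return sorted(t for t, (tr, _) in effective_transports(config).items() if tr != "tcp tls")
```

Running `cleartext_peers()` over a config export lists the dial-peers that still signal without TLS, which is a quick way to confirm that only the intended trunk was switched.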

3 REPLIES

Hello,



Based on the URL reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-sip-tls.html



The certificates would be allowed to the whole CUBE, not based on dial-peer. The transport TLS configuration is also required in sip-ua, which implies globally. So I don't think what you are trying to achieve would be possible.


regards, Ritesh Desai

Thank you for the comment. I was taking a chance to see if mixed mode would be possible. I did use the guide above; I was just hoping for maybe a midway between either/or TLS.

I am checking with TAC as well now just to confirm.

Best Regards