10-14-2020 04:31 PM
Hi,
Current scenario:
CUBE is operating on TCP/UDP over the "SIP TRUNK/Dial-peer" via session target on dial-peers, and the system has only the Cisco self-signed certificate and trust point.
Question:
Can I keep this environment working and also add a signed certificate with its own trust point and force only 1 "SIP TRUNK/Dial-Peer" via session target to make use of a TLS connection without affecting the system globally, i.e. causing the rest of the dial-peers to also expect TLS "Certificate auth" connections?
Or is it possible to run a mixture of plain UDP/TCP sessions and specify TLS sessions to specific destinations?
10-15-2020 01:12 AM
10-15-2020 01:42 AM
Thank you for the comment. I was taking a chance to see if mixed mode would be possible. I did use the guide above; I was just hoping maybe for a midway between either-or TLS.
I am checking with TAC as well now just to confirm.
10-15-2020 06:19 AM
Just to share the feedback I got back: mixed mode is possible and, as per my initial question, it can be done at dial-peer level, not global.
You can use the CUBE in mixed mode by explicitly giving session transport at dial-peer level.
The dial-peer level config will take preference over the global config.
Just to confirm, when I set up TLS on session transport under the dial-peer it will make use of my signed certificate, and the signed certificate and the 3rd party certificate won’t interfere with the original setup using TCP/UDP?
If you configure TLS then the other party has to have the certificates to complete the handshake. If the configuration exists at the 3rd party end and it can exchange certificates then there will not be any issues.
If you configure tcp/udp then there will not be any issues.
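An added example, not from the thread or from Cisco: a short Python audit that resolves the effective SIP signaling transport for each dial-peer, applying the precedence described above (a dial-peer `session transport` over the global one). The running-config, addresses and trustpoint label are constructed placeholders, and the UDP fallback when nothing is configured is an assumption about the IOS default.

```python
import re

# Constructed sample running-config; addresses, tags and trustpoint label are placeholders.
SAMPLE_CONFIG = """\
voice service voip
 sip
  session transport udp
!
sip-ua
 crypto signaling remote-addr 203.0.113.10 255.255.255.255 trustpoint SIGNED-TP
!
dial-peer voice 100 voip
 session protocol sipv2
 session target ipv4:192.0.2.20
!
dial-peer voice 200 voip
 session protocol sipv2
 session target ipv4:203.0.113.10:5061
 session transport tcp tls
!
"""

def effective_transports(config, default="udp"):
    """Return {dial-peer tag: (session target, transport, where it was set)}."""
    global_transport, peers, section, tag = None, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():              # a new top-level section starts
            m = re.match(r"dial-peer voice (\d+) voip", line)
            tag = m.group(1) if m else None
            section = "peer" if m else line
            if m:
                peers[tag] = {"target": None, "transport": None}
            continue
        m = re.match(r"session transport (.+)", line)
        if m and section == "voice service voip":     # global SIP setting
            global_transport = m.group(1)
        elif m and section == "peer" and m.group(1) != "system":
            peers[tag]["transport"] = m.group(1)      # explicit dial-peer override
        elif section == "peer" and line.startswith("session target "):
            peers[tag]["target"] = line.split(None, 2)[2]
    # Dial-peer setting wins; otherwise global; otherwise the assumed default (UDP).
    return {t: (p["target"], p["transport"] or global_transport or default,
                "dial-peer" if p["transport"] else "global" if global_transport else "default")
            for t, p in peers.items()}

if __name__ == "__main__":
    for tag, (target, transport, source) in effective_transports(SAMPLE_CONFIG).items():
        print(f"dial-peer {tag}: {target} -> {transport} (set by {source})")
```

Run against a saved running-config, this lists which trunks signal in clear text and which ones require the far end to complete a TLS handshake.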