I have two questions about security with Cisco Unified Communications Manager 8.6 and IPSec.
1. We want to use IPSec connections between gateways and the CUCM server directly. We don't have a separate network device which would terminate the IPSec sessions in the data center, because we don't trust the data center either.
Does CUCM have any restrictions on how many IPSec connections it can handle?
In the SRND 8.x I found only "using IPSec on Unified CM servers can incur a significant impact on server performance", but what does that mean?
We have around 30 gateways/locations which we want to connect via IPSec.
2. Question: Can I use the loopback address of a gateway to establish an IPSec connection?
I found only configuration examples with physical ports.
I hope you can help me.
I am actually looking for the answer to the same question you posted above. Were you able to get an answer to your first question from Cisco TAC or your account team? Please let me know.
Also, were you considering doing IPSec between the CUCM nodes as well?
Adding the notes from SR 622930887
There is no definite number, since it would depend on the load that you are running on the systems. But having as many as 30 tunnels is sure to affect the performance. While testing in the lab, 10 tunnels configured on a server did not significantly affect the performance. But again, if you are running a heavy load on the servers, they are more likely to suffer performance degradation than a server running a smaller amount of load. So at this point the only option is to get the IPSec tunnels configured on a node that is reasonably inactive in the cluster.
Thanks and Regards,
Is there a document you could share which outlines the step-by-step process for creating IPSec tunnels to CUCM using PKI certs?