Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
1
Replies

Enabling voice encryption queries

siukai.kwok
Level 1
Level 1

‎05-03-2011 08:07 PM - edited ‎03-16-2019 04:47 AM

We are planning to enable voice media encryption in our existing CUCM environment, I have the following question want to clarify:

1. Can we enable media encyption only (without signaling encryption)?

2. If seperate office network are behind firewall, can the encrypted signal pass through the firewall? I read some documents said that the encrypted signal cannot be inspected by firewall.

Please help. Thanks.

Labels:
0 Helpful
1 Reply 1

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎05-04-2011 03:49 AM 

1. Can we enable media encyption only (without signaling encryption)?

No. The symetric keys for the SRTP streams of the call are passed to each endpoint in the signaling stream with CUCM. Leaving the signaling stream unencrypted would completely defeat the purpose of SRTP.

2. If seperate office network are behind firewall, can the encrypted signal pass through the firewall? I read some documents said that the encrypted signal cannot be inspected by firewall.

You won't be able to do layer seven (i.e. SIP or SCCP) inspection on the firewall and will need to allow TLS and RTP/SRTP sessions through as that is all the firewall will see. Essentially your ACLs will have to be more open. Alternatively you can use a Trusted Relay Point for TURN support if you're using IOS ZBFW. The UC SRND has some additional reference information in the Security chapter: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/security.html

0 Helpful
Customers Also Viewed These Support Documents