
Encryption on Cisco 7940, 6921, 6941, 8961 & ATA 187

Hi,

We have CUCM ver 8.5 (cluster of 2 servers, publisher & subscriber) registered with multiple 7940, 6941, 6921, 8961 phones along with a few ATA 187 boxes. Everything is working fine, but suddenly the business now wants to enable security by encrypting data flow from a few of these phones. These include 7940, 6921 and 8961 series phones. For testing purposes we had arranged the 2 security dongles needed for certificate generation. We followed each step given in the link below.

https://supportforums.cisco.com/docs/DOC-18834


Observation: Cisco 7940 Phones (SCCP)

The CTL file is successfully downloaded, but when trying to push the LSC from Call Manager through "CAPF information" using "Authentication String", we get "TLS error to x.x.x.x" after the phone power cycles (reset). Also, once the authentication string is put on "LSC" under the "security settings", we get a "Connection Failed" error.

Due to this, we are unable to register the phones using a secure profile (LSC not getting downloaded).

Cisco 69xx Phones (SCCP)

No security-related settings are seen on the phone itself. Do we need a specific firmware load / Call Manager version for security to work on these phones (Cisco 69xx phones)?

Update - Upgraded the Cisco 69xx phones to load version 9.1.1, now able to see the security settings.

But we are still facing the same issue as on the 7940 phones; the logs in the .txt file are also similar (pasted below).

Also, as per the Cisco document, these phones support security (link below).

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/6921_6941_6961/8_0/english/admin/guide/6921net.html#wp1092086

Didn't try any further with the 8961 & 6921 phones as we got stuck with the above 2 phones.

Troubleshooting Done:

Checked and verified the serial number of the certificates on Call Manager (CAPF.pem & CallManager.pem with CTL contents) and verified the hash value of the CTL file against the CTL file downloaded on the phone. Everything is perfect and matching, but the LSCs are still not getting downloaded on the phone.

Also, there are no cer files generated in the path below except for the .txt file (screenshot below).

cert.png

"file list activelog /cm/trace/capf/sdi"

The common error seen in the .txt file is pasted below:

16:20:21.474 |   debug ERROR:10.1.200.45: SSL3 alert write fatal handshake failure

16:20:21.474 |   debug ERROR:10.1.200.45: capfSSLHandShake Handshake failure

16:20:21.474 |   debug ERROR:Failed SSL handshake, calling capfReleaseSession() on deviceId: (null)

16:20:45.549 |   debug FD_ISSET i=0, SockServ=15

16:20:45.549 |   debug Accepted TCP connection from socket 0x00000015

CUCM ver - 8.5.1.10000-26

7940 Load information - P00308010200

6941 Load Information - 8.5.1.66.22

Any help will be highly appreciated.....
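
Added example, not part of the original post and not Cisco tooling: a Python script that groups the TLS handshake failures in a CAPF trace like the one quoted above by phone IP, so failing phones can be listed and compared against their firmware load and security profile. The function name is hypothetical, and tying the untagged "Failed SSL handshake" line to the peer logged at the same timestamp is an assumption.

```python
import re
from collections import defaultdict

# Trace lines as quoted in the post above, embedded so the script runs offline.
SAMPLE_TRACE = """\
16:20:21.474 |   debug ERROR:10.1.200.45: SSL3 alert write fatal handshake failure
16:20:21.474 |   debug ERROR:10.1.200.45: capfSSLHandShake Handshake failure
16:20:21.474 |   debug ERROR:Failed SSL handshake, calling capfReleaseSession() on deviceId: (null)
16:20:45.549 |   debug FD_ISSET i=0, SockServ=15
16:20:45.549 |   debug Accepted TCP connection from socket 0x00000015
"""

# "HH:MM:SS.mmm |   debug <message>", the layout seen in the quoted trace.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) \|\s+debug (?P<msg>.*)$")
# Error lines that carry the peer (phone) IP address.
PEER_ERR_RE = re.compile(r"^ERROR:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}): (?P<detail>.*)$")


def summarize_handshake_failures(trace_text):
    """Group TLS handshake failures by phone IP (hypothetical helper)."""
    attempts = defaultdict(set)  # ip -> timestamps that logged a failure
    null_device = set()          # ips whose failed session had deviceId (null)
    last_peer = None             # (ip, ts) of the latest peer-tagged failure
    for raw in trace_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in the trace layout
        ts, msg = m["ts"], m["msg"]
        peer = PEER_ERR_RE.match(msg)
        if peer and "handshake failure" in peer["detail"].lower():
            # Several lines can describe one failure; count one per timestamp.
            attempts[peer["ip"]].add(ts)
            last_peer = (peer["ip"], ts)
        elif (msg.startswith("ERROR:Failed SSL handshake")
              and last_peer and last_peer[1] == ts
              and "deviceId: (null)" in msg):
            # Assumption: this untagged line belongs to the peer whose
            # failure was logged at the same timestamp.
            null_device.add(last_peer[0])
    return {
        ip: {"attempts": len(stamps), "first": min(stamps), "last": max(stamps),
             "null_device_id": ip in null_device}
        for ip, stamps in attempts.items()
    }


if __name__ == "__main__":
    for ip, info in summarize_handshake_failures(SAMPLE_TRACE).items():
        print(ip, info)
```
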


Mathew Varghese
Level 1

Hello, did you solve this issue?

We are facing a similar situation; kindly add any solution.

Appreciate your reply

Regards,

Mathew