02-22-2011 10:42 AM - edited 03-16-2019 03:36 AM
I have a problem with secure call, my phones will not switch to secure mode when I call through a PBX. If I make a direct call (peer to peer), my phones will switch to secure mode.
I read in the manual that the secure call establishment relies on exchange of information embedded in message bodies of SIP INFO requests/responses; the service provider must make sure that their infrastructure will allow the SIP INFO messages to pass through with the message body unmodified.
I tried to use a SIP proxy to eavesdrop traffic, but it didn't work with peer to peer call. Therefore, it was not possible to compare peer to peer calls with regular calls through the PBX.
Now to the question, what kind of SIP INFO messages must pass through with the message body unmodified?
02-22-2011 12:41 PM
How's the PBX connected to call manager? Typically the initial INVITE will contain the secure information such as SAVP for secure RTP and transport TLS with a crypto line. Did you get a certificate from the PBX/provider to upload to your call manager to accept the TLS handshake?
02-24-2011 09:08 AM
Thanks for the response. I'm not sure of how the PBX is connected, I don't work with the phone system.
Today, I know a little bit more of what is working and what is not working.
Phones will switch to secure mode if I call from one extension to another extension; the problem is when I call through the phone company.
I'm not sure if this will cause the issue, but I think so.
The phone I call from sends this info: m=audio 16406 RTP/AVP 0 2 4 8 18 96 97 98 100 101
The phone at the other end gets this: m=audio 10068 RTP/AVP 0 8 3 101
It looks like the SIP INFO messages do not pass through with the message body unmodified.
I'm not sure of how to solve this problem, maybe reroute specific calls over the internet.
02-24-2011 10:06 AM
The call is sending out RTP/AVP instead of RTP/SAVP. There are two catches with trying to set up a secure call: you cannot have a media termination point or transcoder in the call flow for the call to be set up as secure:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_1/secugd/secuview.html#wp1089060
If the call is going out to the PSTN, the gateway that interfaces with the PSTN connection would need to be configured for encryption too in order to establish an external secure call, even though security is only really guaranteed to the gateway.
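A check for the symptom described in this answer, as an added example that is not part of the original thread: it compares the SDP a phone sent with the SDP the far end received and reports when SRTP was never offered, was downgraded to RTP/AVP, lost its crypto line, or had its payload list rewritten on the path. The first pair of m= lines is quoted from the thread; the secure offer, its placeholder key and the finding names are constructed for illustration.

```python
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}  # SRTP transport profiles

# m= lines quoted in the thread (caller side, then far end)
PAGE_SENT = "m=audio 16406 RTP/AVP 0 2 4 8 18 96 97 98 100 101"
PAGE_RECEIVED = "m=audio 10068 RTP/AVP 0 8 3 101"
# Constructed samples: a secure offer and what a non-SRTP hop might deliver
SECURE_OFFER = ("m=audio 16406 RTP/SAVP 0 8 101\n"
                "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY")
DOWNGRADED = "m=audio 10068 RTP/AVP 0 8 101"


def parse_media(sdp):
    """Return one dict per m= section: kind, profile, payload types, crypto line count."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            kind, _port, profile, *formats = line[2:].split()
            sections.append({"kind": kind, "profile": profile,
                             "formats": formats, "crypto": 0})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] += 1
    return sections


def compare(sent_sdp, received_sdp):
    """List (media kind, finding) pairs for differences that prevent or remove SRTP."""
    findings = []
    for sent, recv in zip(parse_media(sent_sdp), parse_media(received_sdp)):
        if sent["profile"] not in SECURE_PROFILES:
            findings.append((sent["kind"], "srtp-not-offered"))
        elif recv["profile"] not in SECURE_PROFILES:
            findings.append((sent["kind"], "srtp-downgraded"))
        if sent["crypto"] and not recv["crypto"]:
            findings.append((sent["kind"], "crypto-stripped"))
        if sent["formats"] != recv["formats"]:
            # Assumption: a changed payload list means a hop regenerated the SDP
            findings.append((sent["kind"], "payload-list-rewritten"))
    return findings


if __name__ == "__main__":
    for label, a, b in (("thread", PAGE_SENT, PAGE_RECEIVED),
                        ("constructed", SECURE_OFFER, DOWNGRADED)):
        print(label, compare(a, b))
```
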
02-26-2011 04:46 AM
Thanks for the answer, it looks like I have to skip the PSTN and reroute all secure calls through a VPN connection.