Solved: Secure SIP trunks - Is it just the signalling that is encrypted?

carl_townshend · ‎03-08-2019

Hi All

On the call manager, when you have SIP trunk profile and you set it to encrypted and transport type TLS, does this only encrypt the signalling or signalling and media (RTP) traffic etc?

cheers

Dennis Mink · ‎03-08-2019

TLS will only encrypt an authenticate the signalling traffic that runs across the SIP trunk, you can enable sRTP allowed on the trunk configuration on cucm, provided you have RTP running across the trunk. so for instance in a cube flow through scenario your RTP will terminate on the cube itself, so in this case it is usefull to protect RTp (sRTP) across the trunk. if you use flow around, then you will need to put your cluster in mixed mode and all your phones will need to be configured using sRTP.

its quite a complicated topic, but there is plenty of documentation about it

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Dennis Mink · ‎03-08-2019

TLS will only encrypt an authenticate the signalling traffic that runs across the SIP trunk, you can enable sRTP allowed on the trunk configuration on cucm, provided you have RTP running across the trunk. so for instance in a cube flow through scenario your RTP will terminate on the cube itself, so in this case it is usefull to protect RTp (sRTP) across the trunk. if you use flow around, then you will need to put your cluster in mixed mode and all your phones will need to be configured using sRTP.

its quite a complicated topic, but there is plenty of documentation about it

Please remember to rate useful posts, by clicking on the stars below.