02-10-2010 12:18 PM - edited 03-18-2019 11:05 AM
hi,
I have a lab setup with Cisco UCM 7.0.2 and i have two phones registered to the CUCM , one SIP and one SCCP phone.
I have another 3rd party PBX with phones ringing these two phones. I want to enable SRTP and my main question is as follows:
to activate SRTP for the Cisco phones do i need to set my CUCM to mixed mode ?
Both Cisco phones have MIC certs installed on them and looking at the settings on the phones it looks like the phones
are in non-secure mode. I used CTL client to see could i change the CUCM to mixed mode but i get a response saying i need
a security token.
/Tom
02-10-2010 12:28 PM
You need 2 security tokens for that, if you don't have them it's impossible to enable encryption.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_1_2/secugd/secuauth.html
Before you configure the Cisco CTL Client, verify that you activated the Cisco CTL Provider service and the Cisco Certificate Authority Proxy Function service in Cisco Unified Serviceability. Obtain at least two security tokens; the Cisco certificate authority issues these security tokens. The security tokens must come from Cisco. You will insert the tokens one at a time into the USB port on the server/workstation. If you do not have a USB port on the server, you may use a USB PCI card.
HTH
java
If this helps, please rate
www.cisco.com/go/pdihelpdesk
02-11-2010 01:15 AM
thanks for the speedy response Java
I have one more question to clarify more for me.
I understand now that i need two Security Tokens to enable mixed mode for the CUCM.
Is it neccesary to put LSC certs onto the phone also for SRTP or should the MIC certs suffice ?
10-25-2012 07:20 AM
Is is possible to use security tokens in vmware environment installation refers to the CUCM 9.0?
10-25-2012 07:27 AM
I think you can use the same CTL for vmware cobsider the usb will be connected to the admin pc with the ctl client software not the server itself.
The the ctl client will insert the certs into the cucm cluster.
Sent from Cisco Technical Support iPhone App
11-06-2012 02:20 AM
I mean is it possible to change CUCM on vmware to the mixed mode?
11-06-2012 06:02 AM
Yes, just follow the instructions from the CUCM security guide.
Whether it's on an MCS or a UCS makes no difference.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
07-02-2010 07:34 AM
It is strongly recommended that you use LSC's as opposed to MIC's
Tip
Cisco recommends that you use manufacturer-installed certificates (MICs) for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with Cisco Unified Communications Manager. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide