I have a customer with a CME installation. All his phones are SIP based and we have a SIP trunk with another organization. He wants to secure the communications over this SIP trunk, but cannot use TLS and SRTP because of this:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/manual/cmeadm/cmeauth.html#concept_B96E88E5896148AF8D3462588377AEE5

Restriction:
• Secure SIP trunk is supported only on SCCP Cisco Unified CME and not on SIP Cisco Unified CME. Secure SIP lines are not supported on the Cisco Unified CME mode.
So the alternative is to create an IPsec tunnel from the CME (on the same equipment) to the other peer and send the voice traffic over it. But the problem I see in configuring IPsec on the CME is that I need to configure an access list to match the traffic to encrypt.
All the SIP traffic and RTP (media flow-through) comes with a CME IP address; the access list does not apply to the router-generated traffic, so the traffic does not get encrypted.
What do you think? Will it work or not?
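As an added example (not from the original post, and not a configuration the poster or Cisco supplied), here is one CME-side IOS design in which the question of matching router-generated SIP and RTP against a crypto access list never arises: a static virtual tunnel interface (VTI) with `tunnel protection`, where everything the routing table sends into Tunnel0 is ESP-encrypted, plus `bind control` / `bind media` under `voice service voip` so that all CME-originated signalling and media uses one source address the peer routes back through the tunnel. Every address, interface name, subnet and the pre-shared key below is an assumption chosen for illustration; the `hash sha256` / `esp-sha256-hmac` keywords assume an IOS release that supports them.

```text
! --- Hypothetical CME-side IOS configuration (added example, not from the original post) ---
! Assumptions: CME WAN interface GigabitEthernet0/0, peer public address 203.0.113.2,
! far-side SIP proxy / media subnet 192.0.2.0/24, tunnel link 10.255.0.0/30,
! loopback 10.255.1.1/32 as the voice source address, and a placeholder PSK.

! Phase 1 (IKEv1) policy and pre-shared key for the remote peer
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2
!
! Phase 2 transform set and the IPsec profile that the VTI references
crypto ipsec transform-set VOICE-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VOICE-IPSEC
 set transform-set VOICE-TS
!
! Source address for SIP signalling and RTP media (assumed address)
interface Loopback0
 description Source address for SIP signalling and RTP media
 ip address 10.255.1.1 255.255.255.255
!
! Static VTI: whatever is routed into Tunnel0 is encrypted; no crypto ACL is involved
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VOICE-IPSEC
!
! Route the far-side SIP proxy / media subnet through the tunnel
ip route 192.0.2.0 255.255.255.0 Tunnel0
!
! Bind CME-originated SIP signalling and RTP media to the loopback so the
! source address is always one the peer reaches back via the tunnel
voice service voip
 sip
  bind control source-interface Loopback0
  bind media source-interface Loopback0
!
! Checks once the peer side is configured and a call is placed over the trunk:
!   show crypto session    -> session with 203.0.113.2 should show UP-ACTIVE
!   show crypto ipsec sa   -> #pkts encaps / #pkts decaps should increment during the call
```

The peer side needs the mirror image: matching IKE/IPsec parameters, its own VTI pointed at the CME's public address, and a route for 10.255.1.1/32 (and any CME phone or media subnet it must reach) via that tunnel. The two `show crypto` commands at the end are the practical test of whether voice traffic is actually being encrypted: if `#pkts encaps` stays at zero while a call is up, the SIP or RTP packets are leaving the router outside the tunnel and the routing or bind configuration needs another look.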