All,
I have the following scenario:
CUCM 9.1.2SU1
VCS X8.1.1
MX300 endpoints (CUCM registered)
We are not running in mixed mode on CUCM
We want media streams with external call parties to be encrypted. We do have TLS end-to-end but I don't believe we can support SRTP to the MX300s registered to UCM w/o provisioning mixed mode (based on Cisco docs). So, we are attempting to use Media encryption policy on the VCS. Specifically, we set one of the traversal client zone to use "Best effort". This works for most calls but we have seen a couple of calls fail.
From end user perspective, failures manifest as a call that gets connected and is immediately torn down.
On the VCS, we will see the following when looking at the call history:
The B2BUA Encryption component is disconnected after ~3 seconds. The disconnect reason is: B2BUA disconnected call on the ingress saying "mismatched transport type in answer".
Based on context clues, this points to TLS negotiation. The thing is, if I set the media policy back to "auto" then the call connects fine and the transport is TLS. At least, it reports TLS on my VCS-C and VCS-E.
Any pointers that someone is willing to toss my way?
Thanks in advance,
Bill (@ucguerrilla)
