cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1353
Views
0
Helpful
10
Replies

MCU5320 content sharing with encryption

Manuel Gansch
Level 1
Level 1

Hi,

i have a problem with a MCU5320.

It is not possible to see the content on the second screen in a call over the mcu when i use encryption.

The content is shown in the normal video channel on the first screen.

When i make the same call without encryption it is possible to see content on the second screen.

Is there a possibility to activate encryption and use the second screen for content?

best regards

Manuel Gansch

3 Accepted Solutions

Accepted Solutions

Are you using SIP?

http://www.cisco.com/en/US/docs/telepresence/infrastructure/mcu/release_note/Cisco_TelePresence_MCU_Software_Release_Notes_4-4_3-42.pdf

BFCP is only supportes without encryption (hopefully that will change in a future version)

Binary Floor Control Protocol on encrypted calls

The transmission of SIP content from the MCU using Binary Floor Control Protocol (BFCP) is not supported on encrypted calls. To allow content to be transmitted over SIP calls in a separate channel from main video, you should disable encryption on the MCU or on the target endpoint.

Regards, Paul

View solution in original post

If the remote endpoint supports SIP and H323, I would suggest to use H323 instead SIP, that is why I asked about what is the endpoint connected to MCU. Using H323, the protocol used for presentation is H239, in this case, encryption works without restriction.

If you cannot use H323, then I would suggest to disable encryption only to participants that use BFCP, you dont have to disable it globally on MCU configuration. You have to register the BFCP-enabled endpoints to MCU endpoints page, then you disable encryption only to those participants.

Regards

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

View solution in original post

or if you use VCS X7.2 you can make use of the B2B UA with setting the encryption policy to "force unencrypted" on the MCU Subzone or Zone.

Regards, Paul

View solution in original post

10 Replies 10

Paulo Souza
VIP Alumni
VIP Alumni

Hi Manuel,

What is the remote endpoint connected to the MCU?

Regards

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Are you using SIP?

http://www.cisco.com/en/US/docs/telepresence/infrastructure/mcu/release_note/Cisco_TelePresence_MCU_Software_Release_Notes_4-4_3-42.pdf

BFCP is only supportes without encryption (hopefully that will change in a future version)

Binary Floor Control Protocol on encrypted calls

The transmission of SIP content from the MCU using Binary Floor Control Protocol (BFCP) is not supported on encrypted calls. To allow content to be transmitted over SIP calls in a separate channel from main video, you should disable encryption on the MCU or on the target endpoint.

Regards, Paul

If the remote endpoint supports SIP and H323, I would suggest to use H323 instead SIP, that is why I asked about what is the endpoint connected to MCU. Using H323, the protocol used for presentation is H239, in this case, encryption works without restriction.

If you cannot use H323, then I would suggest to disable encryption only to participants that use BFCP, you dont have to disable it globally on MCU configuration. You have to register the BFCP-enabled endpoints to MCU endpoints page, then you disable encryption only to those participants.

Regards

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

or if you use VCS X7.2 you can make use of the B2B UA with setting the encryption policy to "force unencrypted" on the MCU Subzone or Zone.

Regards, Paul

Hi

I have C60 and C40 endpoints.

I will try to use H323 instead of SIP.

Thank you for your help.

best regards

Manuel Gansch

Hi Manuel,

I guess I can suggest one more thing as workaround to your problem. I think you can interwork the call (SIP to H323) using VCS. The endpoint should register to VCS using SIP (with encryption enable) and VCS should route the call to MCU (with encryption enable) using H323. You can do that by simply using a specific search rule to route call to MCU and force H323.

Be aware that, to interwork a encrypted call on VCS, the SIP signaling protocol must to be TLS, otherwise the call will be negotiated without encryption.

I have not tested it, but it is supposed to work.

If you guess this to be a good idea, you can try this option.

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Hi,

I´m using h323 instead of sip.

Now everything is working.

Thank you for your help

best regards

Manuel Gansch

H Manuel,

You are welcome! Thank you for confirming that your issue has been resolved.

Regards

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Hi Paul - I'm having some sharing issues with a customer, but I can connect to my MCU using SIP (Movi), encrypted,  and send content - and it appears in content channel - isn't this supposed to NOT work?

Hey John, in general its all said here,
The mcu does not support encrypted content on sip.

One way Paul already stayed, use the vcs encryption policy.

I prefer to run the mcu via h323 and let the vcs do the interworking.

An other option can be to look into the telepresence server


Sent from Cisco Technical Support iPhone App

Please remember to rate helpful responses and identify