Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3380
Views
0
Helpful
17
Replies

Problem with setting up AES

chanhontung
Level 1
Level 1

‎06-01-2012 07:33 PM - edited ‎03-17-2019 11:15 PM

Dear All Experts

I run in to troble with external stand alone VC  try to call in with encryption on.

I have set up tandberg mxp 1700 register the H.323  and SIP to my VCSC and  VCSE

When I try to make a H323/SIP call from mxp 1700 to the external VC it work just fine

But when I try try to make a call from the external stand alone VC to mxp 1700.

It just disconnect by itself.

I looked it in to the lock . It just rejected by the vcse by the following log:

tvcs: Event="

Call Rejected

" Service="

H323

" Src-ip="

101.78.153.150

" Src-port="

11039

" Src-alias-type="

H323

" Src-alias="

MXP206

" Src-alias-type="

E164

" Src-alias="

852206

" Dst-alias-type="

H323

" Dst-alias="

mxp208@nete2mg.com

" Call-serial-number="

d14cee2e-ac58-11e1-84e0-0010f31ae488

" Tag="

d14cef0a-ac58-11e1-8f10-0010f31ae488

" Protocol="

TCP

" Response-code="

Undefined reason

" Level="

1

" UTCTime="

2012-06-02 02:15:30,854

"

everythin work out find with both system without enabel the encryption

my vcse version is x6.1

Any experts can me out on this?

Thanks

Labels:
0 Helpful
17 Replies 17

chanhontung
Level 1
Level 1
In response to Tomonori Taniguchi

‎06-12-2012 05:58 PM

THX! Also one more question.

now I am focusing to work on Traverl zone and local zone only

Is other zone have a anything to do with my case.

Since the SIP call withount encryption is working fine.

0 Helpful

Tomonori Taniguchi
Cisco Employee
Cisco Employee
In response to chanhontung

‎06-12-2012 06:06 PM

Default Subzone and Default Zone will involve traversal call/registration in default configuration.

However current release version doesn’t have any configuration that will control enable/disable encryption over SIP call while using TLS as transport protocol.

So as long as TLS is in used for your call, your zone configuration should be fine.

Please note that there are few firewalls does support TLS inspection today (Cisco ASA, Checkpoint, etc.). If you are using such firewall, I’d suggest to disable it for isolating firewall issue. (please note very unfortunately some of firewall may require create rule manually to disable TLS inspection even it have check box to disable the TLS inspection…).

0 Helpful

chanhontung
Level 1
Level 1
In response to Tomonori Taniguchi

‎06-12-2012 09:43 PM

Thanks Tomonori

I am using Cisco ASA5510 firewall. It should be suitable for our case.

I will try to disable thel TLS inspection

THX for your help

0 Helpful
Customers Also Viewed These Support Documents