
Where does SRTP get enabled

Snoogie2563
Level 1

Hi All,

I am trying to determine where in the flow of a call does SRTP become an available offering by an endpoint? I have found plenty of references regarding how to tell if SRTP can be applied to a media stream by inspecting the SIP: SDP messages, but I don't know how to gain access to these messages to inspect them. I know that's almost a different topic, but it is clearly related to my original question.

Anyway, I see that the way to enable SRTP is to navigate to "System" tab on the menu bar across the top of the CUCM UI, select "Security" from the available drop downs and then select "Phone Security Profile" to build a secure profile for an endpoint. From there set "Device Security Mode" to "Encrypted" and "Transport Type" to "TLS". Then you assign that security profile to the specific device you are adding or configuring.

What I don't understand, among other things, does this actually push a setting from the CUCM back to the endpoint which would allow the segment of the media stream between the endpoint and the CUCM to be encrypted? I'm confused because I don't see any configurable setting on the endpoint itself to encrypt transmissions from it.

As a final but related topic I'm asking all this not only because I need to know how this works for endpoints registered to a CUCM, but also for endpoints registered directly to my Expressway C. If the configuration does not occur on the endpoint then the Expressway situation could be completely different.

Thanks for your time and any relevant thoughts or insight to this.

Have a great day!

Respectfully,

Chuck Reel
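The SDP inspection mentioned in the question, as an added example that is not part of the original post: it reads an SDP body and reports, per media stream, whether SRTP is offered. The SDP text is constructed, the key is a placeholder, and `srtp_offers` and the verdict strings are hypothetical names; obtaining the SDP from a call is outside its scope.

```python
# Added example (not from the thread): report what each SDP media section
# offers for SRTP. SAMPLE_SDP is constructed; the key is a placeholder.
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 20000 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY
a=rtpmap:0 PCMU/8000
m=video 20002 RTP/AVP 96
a=rtpmap:96 H264/90000
"""

# Transport profiles in the m= line that mean "this stream is SRTP".
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def srtp_offers(sdp):
    """Return one dict per m= line with its profile, crypto suites and verdict."""
    sections, current, session_dtls = [], None, False
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:
                # Malformed m= line: collect its attributes in a throwaway dict.
                current = {"suites": [], "dtls": False}
                continue
            current = {"media": fields[0], "profile": fields[2],
                       "suites": [], "dtls": session_dtls}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            # DTLS-SRTP fingerprint; valid at session or media level.
            if current is None:
                session_dtls = True
            else:
                current["dtls"] = True
        elif current is not None and line.startswith("a=crypto:"):
            # SDES (RFC 4568): a=crypto:<tag> <suite> <key-params> [...]
            parts = line[len("a=crypto:"):].split()
            if len(parts) >= 3:
                current["suites"].append(parts[1])
    for s in sections:
        keyed = bool(s["suites"]) or s["dtls"]
        if s["profile"] in SECURE_PROFILES:
            s["verdict"] = "srtp-offered" if keyed else "srtp-profile-no-keying"
        else:
            # crypto on plain RTP/AVP is a best-effort convention in some stacks
            s["verdict"] = "srtp-best-effort" if s["suites"] else "rtp-only"
    return sections
```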

3 Replies

It is, as you said, defined in the security profile that you assign to a device. This tells the CM to negotiate the calls as secure. One thing though, there is no media stream between the device and CM, as the media flows between the endpoints that take part in the call. How this translates to Expressway I'm not sure about, as I have never worked with devices registered in an Expressway. Likely it operates in a similar way, i.e. the configuration defines the call to be negotiated as secure.

Thank you Roger, that does not **bleep** the entire scope of what I am trying to determine, but every piece of related information helps in assembling the overall puzzle.

Wow, I have no idea what happened there. Rest assured that nothing I said should have been "bleeped" out. It should have said, "Thank you Roger, that does not cover the entire scope of what I am trying to determine, but every piece of related information helps in assembling the overall puzzle."