Thank you Saurabh!

So you mean, encryption for SX20 is only AES-128?

Best Regards,

Kotaro Hashimoto

Hi Kotaro,

Yes , It Supports AES Encryption and when the system is in encrypted call, you can check by :-

Xstatus call.

It would show up the encryption type.

Thanks,

Saurabh

Hello there.

I'm wondering if there is something else to do, to set up encryption besides choosing "BestEffort or On" on the encryption option.

I can't find any documentation on this, and I got 2 sx20 that only connect without encryption.

Anybody have configured this and can point me somewhere?

Thanks.

It might depend in which region you are located. There is a version which simply does not support encryption.

I am not sure if the xcommand mentioned would still exist and would even return an ok if the system does not

support encryption.

You should see it on the name of the software version the non encrypted it TCNC where the one

which supports encryption is TC

xstat SystemUnit Software Version
*s SystemUnit Software Version: "TC6.2.1.69d401c"
** end

Besides that you shall not have any device in the path which tries to modify the signaling, like

ALG, NAT Helper, ..., all Layer3 functionality needs to be disabled.

Do you use any kind of call control? That can also have an impact (the VCS also exists

without encryption, could picture that would break it.

Also the used call protocol, try h323 and if you use sip you need to use TLS, without (tcp or udp)

it will most likely not work neither.

Please remember to rate helpful responses and identify helpful or correct answers.

Ok, so it is not that simple as it was looking.

System version seems to be ok, I have TC5.1.4.295090.

Both sx20 are registered to CUCM, as VCS is still not there, and they are using SIP to call each other.

So now I'm thinking this needs to be done on CUCM too right? Making it a secure device there too..

Well, at least it is a new path to follow, let´s see what I found on this.

Thanks so far!

Hi Bruno,

As you are using SX20 registered to CUCM, you really need to consider some requirements and configuration steps before having encryption working. These are the main points you should consider:

• TC 6.0 and later are required to have encryption working in CUCM (I recommend TC 6.2.X)
• CUCM 9.0 and later are required to have encryption working with TC endpoints ( I recommend CUCM 9.1.1)
• You must to follow some configuration steps in order to enable encryption, take a look at this guide starting on page 11:

http://www.cisco.com/en/US/docs/telepresence/endpoint/codec-c-series/tc6/administration_guide/administering-endpoints-running-tc62-on-ucm911.pdf

I hope this help.

Regards

Paulo Souza

Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Thanks Paulo.

I didn't go through the doc with more attention, but I didn't see the CUCM 9.0 requirement on this.

This would be a bit of a problem since I am on 8.6(4) now.

But this is good information, so far it seems that I would need to treat the Sx20 just like a Secure (encrypted) phone, on the CUCM perspective at least.

I'll dig into this more next week and see what happens.

Thanks all so far.

Regards.