04-11-2013 12:28 AM - edited 03-18-2019 12:55 AM
Hi all,
As mentioned in "sx20_quickset_administrator_guide_tc60.pdf" page 55, SX20 can use AES-128 if "Encryption Mode" is set as "Best Effort" and a farend endpoint/MCU can also use AES-128.
But if the farend endpoint is not able to use AES-128, does the SX20 try to negotiate with it to use other encryption methods (DES or something)?
Or SX20 simply try to establish connection without any encryption?
Best Regards,
Kotaro Hashimoto
Solved! Go to Solution.
04-15-2013 06:59 AM
Hi Kotaro,
At this point, only the following encryption standards are available on Sx20:
• Standards-based: H.235v3 and Advanced Encryption Standard (AES)
• Automatic key generation and exchange
• Supported in Dual Stream
Encryption is available at all connection speeds through Advanced Encryption Standard (AES) with a 128 bit session key.
I hope that answers your question.
Regards,
Mubashshir Akhtar
TelePresence Solution Group
04-12-2013 09:58 AM
Hi Kotaro,
Best Effort Encryption always depends on the other party. If the other endpoints supports encryption , the call will be encrypted.
If the other endpoint doesn't supports encryption, the call will not be encrypted.
So, if you want encryption - make sure both the endpoints have encryption turned on.
Hope this helps.
Regards,
Saurabh
04-15-2013 02:01 AM
Thank you Saurabh!
So you mean, encryption for SX20 is only AES-128?
Best Regards,
Kotaro Hashimoto
04-15-2013 06:59 AM
Hi Kotaro,
At this point, only the following encryption standards are available on Sx20:
• Standards-based: H.235v3 and Advanced Encryption Standard (AES)
• Automatic key generation and exchange
• Supported in Dual Stream
Encryption is available at all connection speeds through Advanced Encryption Standard (AES) with a 128 bit session key.
I hope that answers your question.
Regards,
Mubashshir Akhtar
TelePresence Solution Group
04-15-2013 11:40 AM
Hi Kotaro,
Yes , It Supports AES Encryption and when the system is in encrypted call, you can check by :-
Xstatus call.
It would show up the encryption type.
Thanks,
Saurabh
09-24-2013 11:29 AM
Hello there.
I'm wondering if there is something else to do, to set up encryption besides choosing "BestEffort or On" on the encryption option.
I can't find any documentation on this, and I got 2 sx20 that only connect without encryption.
Anybody have configured this and can point me somewhere?
Thanks.
09-24-2013 03:37 PM
It might depend in which region you are located. There is a version which simply does not support encryption.
I am not sure if the xcommand mentioned would still exist and would even return an ok if the system does not
support encryption.
You should see it on the name of the software version the non encrypted it TCNC where the one
which supports encryption is TC
xstat SystemUnit Software Version
*s SystemUnit Software Version: "TC6.2.1.69d401c"
** end
Besides that you shall not have any device in the path which tries to modify the signaling, like
ALG, NAT Helper, ..., all Layer3 functionality needs to be disabled.
Do you use any kind of call control? That can also have an impact (the VCS also exists
without encryption, could picture that would break it.
Also the used call protocol, try h323 and if you use sip you need to use TLS, without (tcp or udp)
it will most likely not work neither.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
09-24-2013 05:06 PM
Ok, so it is not that simple as it was looking.
System version seems to be ok, I have TC5.1.4.295090.
Both sx20 are registered to CUCM, as VCS is still not there, and they are using SIP to call each other.
So now I'm thinking this needs to be done on CUCM too right? Making it a secure device there too..
Well, at least it is a new path to follow, let´s see what I found on this.
Thanks so far!
09-24-2013 06:20 PM
Hi Bruno,
As you are using SX20 registered to CUCM, you really need to consider some requirements and configuration steps before having encryption working. These are the main points you should consider:
I hope this help.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-25-2013 04:21 AM
Thanks Paulo.
I didn't go through the doc with more attention, but I didn't see the CUCM 9.0 requirement on this.
This would be a bit of a problem since I am on 8.6(4) now.
But this is good information, so far it seems that I would need to treat the Sx20 just like a Secure (encrypted) phone, on the CUCM perspective at least.
I'll dig into this more next week and see what happens.
Thanks all so far.
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide