SX10 Encrypted cannot connect to other SX10 encrypted internall

AV-Telemed
Level 1

Hello All,

I have 2 SX10s and cannot figure out how the encryption works for these. They are both registered to our VCS-C, and cannot connect with one another. Both systems have Encryption turned on and not to "Best Effort". I am thinking that this might have to do with our VCS or our security engineering team. Please help...

Thanks.

6 Replies

Patrick Sparkman
VIP Alumni

What happens if you try to make a call with them set to Best Effort?

For the zone that each SX10 is registered to, what is the "Media encryption mode" under SIP set to?

Does anything in the endpoint logs stand out as to why the call fails to connect?

When both are set to Best Effort they will connect. But we need them to be turned On, for HIPAA purposes. For the zone they are registered to, Media Encryption Mode is set to auto. The only thing I see, when I go to call history under diagnostics, is the cause of the disconnection: insufficient security. Could this be a setting in our VCS or firewall?

Would also be good if you could include the software versions of the SX10 and the VCS-C.

Also, what happens if you set the VCS to "Force encryption" instead of "Auto" ?

Do they have appropriate certificates installed, and has the SIP certificate been turned on? See the "Managing the video system's certificates" section in the admin guide.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Randy Valverde Rojas
Cisco Employee

Hello,

Might be small but had to check, are the units registered on TLS? If not, can you try to do so? Certificates shouldn't be necessary unless TLS verify is checked.

Thanks Randy! 

Changing it to TLS in our VCS worked. Made the call go through. 

Awesome, glad to help out. Keep in mind that for everything that includes encryption (media or signaling) TLS is most likely needed. At least for SIP.
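
An added example, not part of any post in this thread: a small audit that reads endpoint configuration dumps and flags units where media encryption is mandatory but SIP signaling is not pinned to TLS, the pairing that produced the "insufficient security" disconnect above. The `xConfiguration` key paths, the endpoint names and the sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed key paths (not from the thread); the optional numbers cover
# software that indexes the Conference and SIP Profile nodes.
ENC = re.compile(r"xConfiguration Conference(?: \d+)? Encryption Mode: (\w+)", re.I)
TRANSPORT = re.compile(r"xConfiguration SIP(?: Profile \d+)? DefaultTransport: (\w+)", re.I)

# Constructed configuration dumps for four hypothetical endpoints.
SAMPLE = {
    "room-a": "*c xConfiguration Conference Encryption Mode: On\n"
              "*c xConfiguration SIP DefaultTransport: TCP\n",
    "room-b": "*c xConfiguration Conference 1 Encryption Mode: On\n"
              "*c xConfiguration SIP Profile 1 DefaultTransport: Tls\n",
    "room-c": "*c xConfiguration Conference Encryption Mode: BestEffort\n"
              "*c xConfiguration SIP DefaultTransport: Tls\n",
    "room-d": "*c xConfiguration Conference Encryption Mode: On\n"
              "*c xConfiguration SIP DefaultTransport: Auto\n",
}


def audit(dump):
    """Classify one endpoint's encryption/signaling pairing."""
    enc, transport = ENC.search(dump), TRANSPORT.search(dump)
    if not enc or not transport:
        return "unknown"             # setting missing from the dump
    mode, proto = enc.group(1).lower(), transport.group(1).lower()
    if mode != "on":
        return "not-enforced"        # Off or BestEffort: calls may go unencrypted
    if proto == "tls":
        return "ok"                  # mandatory encryption with TLS signaling
    if proto == "auto":
        return "check-registration"  # transport is negotiated; confirm TLS was chosen
    return "mismatch"                # On without TLS: the failing case in the thread


def audit_all(dumps):
    """Map each endpoint name to its verdict."""
    return {name: audit(text) for name, text in dumps.items()}


if __name__ == "__main__":
    for name, verdict in audit_all(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A "not-enforced" verdict matters where encryption is a compliance requirement, since Best Effort lets a call complete without encryption.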