Dear All,
I am looking at setting up Cisco IP VPN Phone on our ASAs. I would like to do this as securely as possible and I read here that an LSC on the phone is strongly recommended in preference to using the MIC.
- To install LSC, I believe CAPF is needed and I will need to generate a bundle of certs using the CTL plugin. Does this therefore mean the cluster must be moved to mixed-mode and the phones will start sending SRTP and SecureSIP/SCCP?
- Is it possible to use the LSC for authentication-only (not encryption) and only apply it to VPN phones? I'm looking to minimize my impact on the wider cluster.
- Assuming I have to encryption SRTP and Secure SIP/Skinny, how would the BIB stream behave towards a recorder? Could CM setup an unencrypted BIB stream, even if the main call is encrypted?
- Finally, has anyone tried BIB recording via ASA and does it work OK?
The VPN Phone/ASA setup assumes that one has a solid grasp of CM certificates and mixed mode and this is an area I'm still learning about.
Thank you for any insight.
Regards
James.