SIP Trunk Encryption

  • SIP Digest Authentication is only an MD5 hash of the username, password, SIP URI and other components of the SIP message.
  • SIP Digest Authentication does not provide confidentiality of signaling packets.
  • SIP trunk encryption can be used to provide that confidentiality.
    • SIP trunk encryption uses TLS for SIP
      • TLS authentication is based on certificates
      • CUCM must trust the issuer of the peer's certificate:
        • Can be self-signed
        • Can be issued by a CA
      • The subject used in the TLS certificate exchange has to be configured.
      • HMAC is used for authentication.
  • SIP trunk encryption protects only signaling.
  • No SRTP support on SIP trunks.
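
Added example (not part of the original page and not Cisco code): the digest calculation from RFC 2617, which SIP reuses, written in Python to show that the hash hides only the password while the rest of an INVITE stays readable when the trunk does not use TLS. The user name, hosts, nonce, password and SDP are constructed sample values.

```python
import hashlib

NONCE = "constructed-nonce-0001"  # constructed sample values, not from the page
URI = "sip:2001@cucm.example.test"
SDP = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 16384 RTP/AVP 0\r\n"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Digest response per RFC 2617 with algorithm=MD5."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # only method and URI; headers and body are not hashed
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_invite(sdp_body, response):
    """Constructed INVITE as it would cross a trunk without TLS."""
    return (
        f"INVITE {URI} SIP/2.0\r\n"
        "From: <sip:1001@gw.example.test>\r\n"
        "To: <sip:2001@cucm.example.test>\r\n"
        'Authorization: Digest username="trunk-user", realm="example.test", '
        f'nonce="{NONCE}", uri="{URI}", response="{response}"\r\n'
        "Content-Type: application/sdp\r\n"
        f"Content-Length: {len(sdp_body)}\r\n\r\n"
        f"{sdp_body}"
    )

def cleartext_fields(message):
    """Signaling details that remain readable on the wire without TLS."""
    head, _, body = message.partition("\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.split("\r\n")[1:])
    media = [l for l in body.split("\r\n") if l.startswith(("c=", "m="))]
    return {"from": headers["From"], "to": headers["To"], "media": media}

def demo():
    resp = digest_response("trunk-user", "example.test", "constructed-password",
                           "INVITE", URI, NONCE)
    return resp, cleartext_fields(build_invite(SDP, resp))

if __name__ == "__main__":
    resp, seen = demo()
    print("digest response:", resp)
    print("readable without TLS:", seen)
```
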

Configuration

SIP Trunk Security Profile

  • Set the Device Security Mode to Encrypted
  • Set the X.509v3 certificate subject name used by the peer

SIP Trunk

  • Apply SIP trunk security profile to the trunk

Peer Certificate

  • Add the certificate of the issuer of the peer's certificate to CUCM

Last modified: 2024/02/23 08:20