Configuring a Secure Survivable Remote Site Telephony (SRST) Reference

CHAPTER 6
Configuring a Secure Survivable Remote Site Telephony (SRST) Reference

This chapter contains information on the following topics:

- Overview for Securing the SRST
- Secure SRST Configuration Checklist
- Configuring Secure SRST References
- Security Configuration Settings for SRST References

Overview for Securing the SRST

A SRST-enabled gateway provides limited call-processing tasks if the Cisco CallManager cannot complete the call.

Secure SRST-enabled gateways contain a self-signed or certificate-authority issued certificate. After you perform SRST configuration tasks in Cisco CallManager Administration, Cisco CallManager uses a TLS connection to authenticate with the Certificate Provider service in the SRST-enabled gateway. Cisco CallManager then retrieves the certificate from the SRST-enabled gateway and adds the certificate to the Cisco CallManager database.

After you reset the dependent devices in Cisco CallManager Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled gateway.

Cisco CallManager only supports depth-1 chaining for the SRST certificates; that is, the phone configuration file only contains a certificate from a single issuer. HSRP is not supported.

Ensure that the following criteria are met, so the TLS handshake occurs between the secure phone and the SRST-enabled gateway:

- The SRST reference contains a self-signed or certificate-authority issued certificate.
- You configured the cluster for mixed mode through the Cisco CTL client.
- You configured the phone for authentication or encryption.
- You configured the SRST reference in Cisco CallManager Administration.
- You reset the SRST-enabled gateway and the dependent phones after the SRST configuration.

Related Topics

- Secure SRST Configuration Checklist, page 6-3
- Configuring Secure SRST References, page 6-4
- Security Configuration Settings for SRST References, page 6-6
- Troubleshooting, page 7-1

Secure SRST Configuration Checklist

Use Table 6-1 to guide you through the SRST configuration process for security.

Table 6-1 Configuration Checklist for Securing the SRST

Step 1: Verify that you performed all necessary tasks on the SRST-enabled gateway, so the device supports Cisco CallManager and security.
  Related procedures and topics: System administration guide for the Cisco SRST-enabled gateway that supports this version of Cisco CallManager

Step 2: Verify that you performed all necessary tasks to install and configure the Cisco CTL client.
  Related procedures and topics: Configuring the Cisco CTL Client, page 3-1

Step 3: Verify that a certificate exists in the phone.
  Related procedures and topics: Verifying That a Locally Significant Certificate Exists on the Phone, page 7-39; Verifying That a Manufactured-Installed Certificate (MIC) Exists in the Phone, page 7-40

Step 4: Verify that you configured the phones for authentication or encryption.
  Related procedures and topics: Configuring the Device Security Mode, page 5-3

Step 5: In Cisco CallManager Administration, configure the SRST reference for security, including enabling the SRST reference in the Device Pool Configuration window.
  Related procedures and topics: Configuring Secure SRST References, page 6-4

Step 6: Reset the SRST-enabled gateway and phones.
  Related procedures and topics: Configuring Secure SRST References, page 6-4

Configuring Secure SRST References

Consider the following information before you add, update, or delete the SRST reference in Cisco CallManager Administration:

- Adding a Secure SRST Reference: The first time that you configure the SRST reference for security, you must configure all settings that are described in Table 6-2.
- Updating a Secure SRST Reference: Performing SRST updates in Cisco CallManager Administration does not automatically update the SRST certificate. To update the certificate, you must click the Update SRST Certificate button; after you click the button, the contents of the certificate display, and you must accept or reject the certificate. If you accept the certificate, Cisco CallManager replaces the SRST certificate in the trust folder on each server in the cluster.
- Deleting a Secure SRST Reference: Deleting a secure SRST reference removes the SRST certificate from the Cisco CallManager database and the cnf.xml file in the phone.

To configure a secure SRST reference, perform the following procedure:

Procedure

Step 1: In Cisco CallManager Administration, choose System > SRST.

Step 2: Perform one of the following tasks:
  - Add a SRST reference for the first time. For information on how to perform this task, refer to the Cisco CallManager Administration Guide.
  - Find the SRST reference that you want to configure for security. For information on finding SRST references, refer to the Cisco CallManager Administration Guide. Use Table 6-2 to update an existing SRST reference for security.

Step 3: Click Insert or Update, depending on whether you added or updated the SRST reference.

Step 4: To update the SRST certificate in the database, click the Update SRST Certificate button.
  This button displays only when you update an existing SRST reference.

Step 5: Click Reset Devices.

Step 6: Verify that you enabled the SRST reference in the Device Pool Configuration window.

Related Topics

- Overview for Securing the SRST, page 6-1
- Secure SRST Configuration Checklist, page 6-3
- Security Configuration Settings for SRST References, page 6-6
- Troubleshooting, page 7-1
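
Because updating an SRST reference does not refresh its certificate automatically, the copy that Cisco CallManager stores can fall out of step with the certificate the gateway holds. The following Python example is added here as an illustration and is not part of the Cisco guide: it compares the two certificates for each SRST reference by SHA-256 fingerprint. The function names, status labels and inventory layout are assumptions, and the sample certificates are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib

PEM_HEAD = "-----BEGIN CERTIFICATE-----"
PEM_TAIL = "-----END CERTIFICATE-----"

def to_pem(der):
    """Wrap DER bytes in PEM armor (used here to build the constructed samples)."""
    return f"{PEM_HEAD}\n{base64.encodebytes(der).decode()}{PEM_TAIL}\n"

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate block found in a PEM string."""
    prints = []
    for chunk in (pem_text or "").split(PEM_HEAD)[1:]:
        der = base64.b64decode("".join(chunk.split(PEM_TAIL)[0].split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def audit_srst_reference(stored_pem, gateway_pem):
    """Classify one secure SRST reference.
    stored_pem:  certificate CallManager holds for the reference (None if none)
    gateway_pem: certificate the SRST-enabled gateway holds now (None if none)"""
    stored, current = pem_fingerprints(stored_pem), pem_fingerprints(gateway_pem)
    if not current:
        return "GATEWAY_HAS_NO_CERT"   # prerequisite for "Is SRST Secure?" not met
    if not stored:
        return "NOT_RETRIEVED"         # CallManager holds no certificate for it
    if stored[0] != current[0]:
        return "STALE"                 # needs Update SRST Certificate, then a reset
    return "OK"

def audit_all(inventory):
    """Map each SRST reference name to its status."""
    return {name: audit_srst_reference(s, g) for name, (s, g) in inventory.items()}

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD, NEW = to_pem(b"constructed-cert-v1"), to_pem(b"constructed-cert-v2")
INVENTORY = {
    "branch-a": (OLD, OLD),    # database copy matches the gateway
    "branch-b": (OLD, NEW),    # gateway certificate was replaced after retrieval
    "branch-c": (None, NEW),   # gateway ready, reference not yet secured
    "branch-d": (OLD, None),   # gateway no longer has a certificate
}

if __name__ == "__main__":
    for name, status in audit_all(INVENTORY).items():
        print(f"{name}: {status}")
```

A STALE result means phones would receive an outdated certificate in cnf.xml until you click Update SRST Certificate, accept the new certificate, and reset the dependent phones.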

Security Configuration Settings for SRST References

Use Table 6-2 to configure secure SRST references.

Table 6-2 Configuration Settings for Secure SRST References

Setting: Is SRST Secure?
Description: After you verify that the SRST-enabled gateway contains a self-signed or certificate-authority issued certificate, check this check box. After you configure the SRST and reset the gateway and dependent phones, the Cisco CTL Provider service authenticates to the Certificate Provider service on the SRST-enabled gateway. The Cisco CTL client retrieves the certificate from the SRST-enabled gateway and stores the certificate in the Cisco CallManager database.
  To remove the SRST certificate from the database and phone, uncheck this check box, click Update, and reset the dependent phones.

Setting: SRST Certificate Provider Port
Description: This port monitors requests for the Certificate Provider service on the SRST-enabled gateway. Cisco CallManager uses this port to retrieve the certificate from the SRST-enabled gateway. The Cisco SRST Certificate Provider default port equals 2445. After you configure this port on the SRST-enabled gateway, enter the port number in this field.
  You may need to configure a different port number if the port is currently used or if you use a firewall and you cannot use the port within the firewall.

Setting: Update SRST Certificate
Description: This button displays only for existing secure SRST references. After you click this button, the Cisco CTL client replaces the existing SRST certificate that is stored in the Cisco CallManager database. After you reset the dependent phones, the TFTP server sends the cnf.xml file (with the new SRST certificate) to the phones.

Related Topics

- Overview for Securing the SRST, page 6-1
- Secure SRST Configuration Checklist, page 6-3
- Troubleshooting, page 7-1
