Specifications
Setting Up Secure Survivable Remote Site Telephony
Information About Setting Up Secure SRST
107
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
http://www.cisco.com/wwl/export/crypto/tool/
If you require further assistance, please contact us by sending e-mail to export@cisco.com.
• When a Secure Real-Time Transport Protocol (SRTP) encrypted call is made between Cisco Unified
IP Phone endpoints or from a Cisco Unified IP Phone to a gateway endpoint, a lock icon is displayed
on the IP phones. The lock indicates security only for the IP leg of the call. Security of the PSTN
leg is not implied.
• Secure SRST is supported only within the scope of a single router.
Not Supported in Secure SRST Mode
• Cisco Unified CallManager versions prior to 4.1(2)
• Secure music on hold (MoH); MoH stays active, but reverts to non-secure.
• Secure transcoding or conferencing
• Secure H.323 or SIP
• Hot Standby Routing Protocol (HSRP)
Supported Calls in Secure SRST Mode
Only voice calls are supported in secure SRST mode. Specifically, the following voice calls are
supported:
• Basic call
• Call transfer (consult and blind)
• Call forward (busy, no-answer, all)
• Shared line (IP phones)
• Hold and resume
Information About Setting Up Secure SRST
To configure secure SRST, you should understand the following concepts:
• Benefits of Secure SRST, page 107
• Cisco IP Phones Clear-Text Fallback During SRST, page 108
• SRST Routers and the TLS Protocol, page 108
• SRST Routers and PKI, page 109
• Secure SRST Authentication and Encryption, page 110
• Cisco IOS Credentials Server on Secure SRST Routers, page 111
• Establishment of Secure SRST to the Cisco Unified IP Phone, page 111
Benefits of Secure SRST
Secure Cisco IP phones that are located at remote sites and that are attached to gateway routers can
communicate securely with Cisco Unified CallManager using the WAN. But if the WAN link or
Cisco Unified CallManager goes down, all communication through the remote phones becomes
nonsecure. To overcome this situation, gateway routers can now function in secure SRST mode, which