Specifications
Setting Up Secure Survivable Remote Site Telephony
Information About Setting Up Secure SRST
108
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
activates when the WAN link or Cisco Unified CallManager goes down. When the WAN link or
Cisco Unified CallManager is restored, Cisco Unified CallManager resumes secure call-handling
capabilities.
Secure SRST provides new SRST security features such as authentication, integrity, and media
encryption. Authentication provides assurance to one party that another party is whom it claims to be.
Integrity provides assurance that the given data has not been altered between the entities. Encryption
implies confidentiality; that is, that no one can read the data except the intended recipient. These security
features allow privacy for SRST voice calls and protect against voice security violations and identity
theft.
SRST security is achieved when:
• End devices are authenticated using certificates.
• Signaling is authenticated and encrypted using Transport Layer Security (TLS) for TCP.
• A secure media path is encrypted using Secure Real-Time Transport Protocol (SRTP).
• Certificates are generated and distributed by a CA.
Cisco IP Phones Clear-Text Fallback During SRST
Cisco SRST versions prior to 12.3(14)T cannot support secure connections and do not have security
enabled. If an SRST router is not capable of secure SRST as a fallback mode—that is, it is not
capable of completing a TLS handshake with Cisco Unified CallManager—its certificate is not added to
the configuration file of the Cisco IP phone. The absence of an SRST router certificate causes the
Cisco IP phone to use nonsecure (clear-text) communication when in SRST fallback mode. The
capability to detect this condition and fall back to clear-text mode is built into Cisco IP phone firmware. See the Media
and Signaling Authentication and Encryption Feature for Cisco IOS MGCP Gateways for more
information on clear-text mode.
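As an added example that is not part of the Cisco guide, the following Python script audits a set of phone configuration files and reports which phones would fall back in clear-text mode because no SRST router certificate is present in their configuration. The XML layout, device names, addresses and certificate value are constructed for this example and are not the real Cisco phone configuration file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two phones. The second phone's SRST router never had its
# certificate distributed (the router cannot complete the TLS handshake), so the
# phone will use clear-text signaling and media when it falls back to SRST.
SAMPLE_CONFIGS = {
    "SEP-EXAMPLE-1": """
    <phoneConfig>
      <srst>
        <router ip="192.0.2.10" port="2443">
          <certificate>PLACEHOLDER-PEM-NOT-A-REAL-CERT</certificate>
        </router>
      </srst>
    </phoneConfig>""",
    "SEP-EXAMPLE-2": """
    <phoneConfig>
      <srst>
        <router ip="192.0.2.20" port="2000"/>
      </srst>
    </phoneConfig>""",
}


def fallback_mode(config_xml):
    """Return 'secure' if every SRST router entry carries a certificate,
    'clear-text' if any entry lacks one (the phone cannot set up TLS/SRTP to
    that router), and 'none' if no SRST router is configured at all."""
    root = ET.fromstring(config_xml.strip())
    routers = root.findall("./srst/router")
    if not routers:
        return "none"
    for router in routers:
        cert = router.find("certificate")
        if cert is None or not (cert.text or "").strip():
            return "clear-text"
    return "secure"


def audit(configs):
    """Map each phone name to its fallback mode and list the phones that would
    fall back without TLS-protected signaling or SRTP-protected media."""
    modes = {name: fallback_mode(xml) for name, xml in configs.items()}
    at_risk = sorted(name for name, mode in modes.items() if mode == "clear-text")
    return modes, at_risk


if __name__ == "__main__":
    modes, at_risk = audit(SAMPLE_CONFIGS)
    for name, mode in modes.items():
        print(f"{name}: SRST fallback = {mode}")
    if at_risk:
        print("phones that fall back in clear text:", ", ".join(at_risk))
```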
SRST Routers and the TLS Protocol
Transport Layer Security (TLS) Version 1.0 provides secure TCP channels between Cisco IP phones,
secure SRST routers, and Cisco Unified CallManager. The TLS process begins with the Cisco IP phone
establishing a TLS connection when registering with Cisco Unified CallManager. Assuming that
Cisco Unified CallManager is configured to fall back to SRST, the TLS connection between the Cisco IP
phones and the secure SRST router is also established. If the WAN link or Cisco Unified CallManager
fails, call control reverts to the SRST router.