Setting Up Secure Survivable Remote Site Telephony
Information About Setting Up Secure SRST
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
Note: The media is encrypted automatically once the phone and router certificates are exchanged and the TLS
connection is established with the SRST router.
Cisco IOS Credentials Server on Secure SRST Routers
Secure SRST introduces a credentials server that runs on a secure SRST router. When the client,
Cisco Unified CallManager, requests a certificate through the TLS channel, the credentials server
provides the SRST router certificate to Cisco Unified CallManager. Cisco Unified CallManager inserts
the SRST router certificate in the Cisco IP phone configuration file and downloads the configuration
files to the phones. The secure Cisco Unified IP Phone uses the certificate to authenticate the SRST
router during fallback operations. By default, the credentials service runs on TCP port 2445.
Three Cisco IOS commands configure the credentials server in call-manager-fallback mode:
• credentials
• ip source-address (credentials)
• trustpoint (credentials)
Two Cisco IOS commands provide credential server debugging and verification capabilities:
• debug credentials
• show credentials
Establishment of Secure SRST to the Cisco Unified IP Phone
Figure 5 and Table 9 show the interworking of the credentials server on the SRST router, Cisco Unified
CallManager, and the Cisco Unified IP Phone, and describe the establishment of secure SRST to the
Cisco IP phone.
Table 8 Overview of the Process of Secure SRST Authentication and Encryption (continued)
Process Steps    Description or Detail
5. Cisco Unified CallManager provides the PEM format files that contain phone
certificate information to the SRST router. Providing the PEM files to the SRST router
is done manually; see SRST Routers and PKI, page 109 for more information.
When the SRST router has the PEM files, the SRST router can authenticate the IP
phone and validate the issuer of the IP phone's certificate during the TLS handshake.
6. The TLS handshake occurs, certificates are exchanged, and mutual authentication and
registration occur between the Cisco Unified IP Phone and the Cisco Unified SRST
router.
a. The SRST router sends its certificate, and the phone validates the certificate against the
certificate that it received from Cisco Unified CallManager in Step 4.
b. The Cisco Unified IP Phone provides the SRST router the LSC or MIC, and the router
validates the LSC or MIC using the PEM format files that it was provided in Step 5.
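Step 6a amounts to a pinning check: the phone accepts the SRST router only if the certificate presented in the TLS handshake is the one Cisco Unified CallManager placed in its configuration file. The sketch below is an added illustration, not Cisco phone firmware or code from this guide. It assumes the check is an exact match on the DER encoding, and all function names and sample bytes are constructed.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem_text: str) -> bytes:
    """Decode the first PEM certificate block to its DER bytes."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Drop line breaks and indentation so re-wrapped PEM decodes identically.
    b64 = "".join(match.group(1).split())
    return base64.b64decode(b64, validate=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, never over the PEM text."""
    return hashlib.sha256(der).hexdigest()


def router_cert_matches_pin(pinned_pem: str, presented_der: bytes) -> bool:
    """True only if the handshake certificate is the exact pinned certificate."""
    pinned = fingerprint(pem_to_der(pinned_pem))
    presented = fingerprint(presented_der)
    return hmac.compare_digest(pinned, presented)


def to_pem(der: bytes, width: int = 64) -> str:
    """Helper for the sample data: wrap DER bytes as PEM text."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    body = "\n".join(lines)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed stand-in bytes, not real X.509 certificates.
SRST_ROUTER_DER = b"constructed-srst-router-certificate" * 4
OTHER_DER = b"constructed-unrelated-certificate" * 4
# Assumed form of the copy delivered in the phone configuration file (Step 4).
PINNED_PEM = to_pem(SRST_ROUTER_DER)

if __name__ == "__main__":
    print("expected router:", router_cert_matches_pin(PINNED_PEM, SRST_ROUTER_DER))
    print("different cert: ", router_cert_matches_pin(PINNED_PEM, OTHER_DER))
```

Comparing DER fingerprints rather than PEM text means a certificate that was re-wrapped or re-indented in transit still matches, while any different certificate is rejected.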