Setting Up Secure Survivable Remote Site Telephony
Information About Setting Up Secure SRST
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
Figure 5 Interworking of Credentials Server on SRST Router, Cisco Unified CallManager, and Cisco Unified IP Phone
Table 9 Establishing Secure SRST

| Mode | Process | Description or Detail |
|---|---|---|
| Regular Mode | The Cisco IP phone configures DHCP and gets the TFTP server address. | |
| | The Cisco IP phone retrieves a CTL file from the TFTP server. | The CTL file contains the certificates that the phone should trust. |
| | The Cisco IP phone opens a Transport Layer Security (TLS) protocol channel and registers to Cisco Unified CallManager. | Cisco Unified CallManager exports secure SRST router information and the SRST router certificate to the Cisco IP phone. The phone places the certificate into its configuration. Once the phone has the SRST certificate, the SRST router is considered secure. See Figure 5. |
| | If the Cisco IP phone is configured as “authenticated” or “encrypted” and Cisco Unified CallManager is configured in mixed mode, the phone looks for an SRST certificate in its configuration file. If it finds an SRST certificate, it opens a standby TLS connection to the default port. The default port is the Cisco Unified IP Phone TCP port plus 443; that is, port 2443 on an SRST router. | The connection to the SRST router happens automatically, assuming there is not a secondary Cisco Unified CallManager and SRST is configured as the backup device. See Figure 5. Cisco Unified CallManager should be configured in mixed mode, which is its secure mode. |
| | In case of WAN failure, the Cisco IP phone starts SRST registration. | |
| SRST Mode | The Cisco IP phone registers with the SRST router at the default port for secure communications. | |
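
An added example, not from the Cisco guide: a Python check that applies the Table 9 preconditions to a constructed phone inventory and reports which phones would not hold a standby TLS connection to the SRST router. The `Phone` record and its field names are hypothetical, and the base phone TCP port of 2000 is inferred from the table's "plus 443; that is, port 2443".

```python
from dataclasses import dataclass

PHONE_TCP_PORT = 2000                    # assumption: inferred as 2443 - 443
SECURE_SRST_PORT = PHONE_TCP_PORT + 443  # default secure SRST port per Table 9
SECURE_MODES = {"authenticated", "encrypted"}

@dataclass
class Phone:
    """Hypothetical inventory record; not a Cisco file format."""
    name: str
    security_mode: str               # "non-secure", "authenticated" or "encrypted"
    srst_cert_in_config: bool        # CallManager inserted the SRST certificate
    srst_is_backup: bool             # SRST is configured as the backup device
    has_secondary_callmanager: bool

def standby_tls_blockers(phone, cluster_mixed_mode) -> list:
    """Return the Table 9 preconditions this phone fails. An empty list means
    the phone should open a standby TLS connection to the SRST router."""
    blockers = []
    if not cluster_mixed_mode:
        blockers.append("CallManager is not in mixed mode")
    if phone.security_mode not in SECURE_MODES:
        blockers.append("phone is not authenticated or encrypted")
    if not phone.srst_cert_in_config:
        blockers.append("no SRST certificate in phone configuration")
    if not phone.srst_is_backup:
        blockers.append("SRST is not the backup device")
    if phone.has_secondary_callmanager:
        blockers.append("a secondary CallManager is configured")
    return blockers

def audit(phones, cluster_mixed_mode) -> dict:
    """Map phone name -> (standby TLS port or None, list of blockers)."""
    report = {}
    for p in phones:
        blockers = standby_tls_blockers(p, cluster_mixed_mode)
        report[p.name] = (None if blockers else SECURE_SRST_PORT, blockers)
    return report

# Constructed sample inventory (not real devices).
PHONES = [
    Phone("phone-a", "encrypted", True, True, False),
    Phone("phone-b", "authenticated", False, True, False),
    Phone("phone-c", "non-secure", True, True, True),
]

if __name__ == "__main__":
    for name, (port, why) in audit(PHONES, True).items():
        print(name, f"standby TLS to port {port}" if port else f"no secure fallback: {'; '.join(why)}")
```
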
Figure 5 steps (Cisco Unified CallManager/client, Cisco IP phone, and the credentials server running on the secure SRST router, connected over the WAN):
1. Cisco Unified CallManager requests the SRST certificate from the credentials server.
2. The credentials server responds with the certificate.
3. Cisco Unified CallManager inserts the certificate in the phone configuration file.