
CCIE Collaboration Quick Reference: Cisco Unified Communications Security

Chapter Description

In this chapter, Akhil Behl explains how to secure a converged communications network by discussing potential threats as well as options for maintaining the confidentiality of network data and its integrity.

SRTP and TLS

After the endpoints (IP Phones) are secure, CUCM can establish TLS with the endpoints, and the endpoints can negotiate SRTP among themselves. Cisco voice gateways also support encryption as follows:

  • MGCP gateway with SRTP package and IPsec tunnel to CUCM (or default gateway device for CUCM). IPsec protects the signaling, which in the case of MGCP is in clear text by default.
  • H.323 gateway with certificates exchanged with CUCM for SRTP and IPsec for protecting signaling.
  • SIP gateway with secure SIP trunk leveraging TLS to protect signaling.

Figure 5-6 illustrates the TLS signaling and SRTP media flows among CUCM, endpoints, and gateways.

Figure 5-6 TLS and SRTP Call Flow Between CUCM, Endpoints, and Gateways
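
The following added example (not from the book) audits a SIP INVITE, such as one taken from a gateway's SIP debug output, for the two properties described above: TLS on the signaling hop and SRTP on the media. It assumes the SIP leg exchanges SRTP keys in SDP `a=crypto` attributes; the function names, addresses, and messages are constructed for illustration.

```python
import re

def make_invite(transport, profile, with_key):
    """Build a constructed SIP INVITE (sample data, not captured traffic)."""
    lines = [
        "INVITE sip:2001@192.0.2.10 SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.20;branch=z9hG4bK-constructed",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"m=audio 16384 {profile} 0",
    ]
    if with_key:  # SDP security description carrying the SRTP master key
        lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:CONSTRUCTED-NOT-A-KEY")
    return "\r\n".join(lines)

def audit_invite(raw):
    """Return findings; an empty list means TLS signaling and keyed SRTP media."""
    head, _, sdp = raw.partition("\r\n\r\n")
    findings = []
    # The topmost Via names the transport the previous hop used to send the message.
    vias = re.findall(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    tls = bool(vias) and vias[0].upper() == "TLS"
    if not tls:
        findings.append(f"signaling transport is {vias[0].upper() if vias else 'unknown'}, not TLS")
    media = []  # one [profile, has_crypto] entry per m= section
    for line in sdp.splitlines():
        if line.startswith("m="):
            parts = line.split()
            media.append([parts[2] if len(parts) > 2 else "", False])
        elif line.startswith("a=crypto:") and media:
            media[-1][1] = True
    if not media:
        findings.append("no media description in SDP")
    for profile, has_crypto in media:
        if profile != "RTP/SAVP":
            findings.append(f"media profile is {profile}, not RTP/SAVP")
        elif not has_crypto:
            findings.append("RTP/SAVP offered without an a=crypto key")
    if not tls and any(has_crypto for _, has_crypto in media):
        findings.append("SRTP key carried in unprotected signaling")
    return findings

if __name__ == "__main__":
    for args in [("TLS", "RTP/SAVP", True), ("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True)]:
        print(args, audit_invite(make_invite(*args)) or "ok")
```

The third case is the one worth watching for: the media is encrypted, but the key that protects it crossed the network in readable signaling.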
