Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
930
Views
0
Helpful
2
Replies

Encrypted calls failed between 9971 (registered at CUCM 8.6.2) and EX90 or E20 (registered at VCS X7.2)

jdarbonnel
Level 1
Level 1

‎06-21-2013 12:25 AM - edited ‎03-18-2019 01:20 AM

Hi Community,

I have the same issue between a 9971 registered on cucm8.6.2 and EX90 or E20 registered on VCS7.2.

I'm trying to make an encrypted call fom a EX90 or E20, and a 9971.

EX90 and E20 is registerd with TLS

9971 is in secure mode, encryption works between two 9971

SIP Trunk TLS is Active between CUCM and VCS

In CUCM zone, i have a custom profile with the setting from Deployment Guide CUCM8_9 and X7.2

On VCS,  i put the command: xConfiguration Zones Zone 4 Neighbor Interworking SIP Encryption EncryptSRTCP: Yes

On CUCM SIP Trunk, SRTP allowed  is checked

SIP Media enccryption mode is Best effort in Default Zone and CUCM zone

Did you upload CUCM cert on VCS?

Any suggestion will be appreciated

Regards

Labels:
0 Helpful
2 Replies 2

ahmashar
Level 4
Level 4

‎06-23-2013 12:13 PM

Ensuring that Unified CM trusts the VCS server certificate

For Unified CM to make a TLS connection to VCS, Unified CM must trust the VCS’s server certificate.

Unified CM must therefore trust a root certificate that in turn trusts the VCS’s certificate. See Certificate

Creation and Use with VCS Deployment Guide for details of generating CSRs on VCS to acquire certificates

from a Certificate Authority (CA), as well as information about operating private Certificate Authorities.

If VCS and Unified CM have both been loaded with valid certificates and the root CA of the VCS certificate is

already loaded onto Unified CM, then no further work is required.

Otherwise, if the VCS does not have a certificate from an authority that is accepted by a root CA certificate

on Unified CM (typically if the VCS has a self-signed certificate), the VCS's server certificate must be loaded

onto Unified CM.

Page 28

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Cisco_Unified_Communications_Manager_Deployment_Guide_CUCM_8_9_and_X7-2.pdf

regards,

Ahmad

0 Helpful

jdarbonnel
Level 1
Level 1
In response to ahmashar

‎06-24-2013 02:07 AM

Hello Ahmad,

Thank you for your feedback, i have already uploaded the VCS's certificate onto CUCM.

I beleive that issue is located in SIP Message between VCS and CUCM

Regards

Jluc

0 Helpful
Customers Also Viewed These Support Documents