Manualshelf

Specifications

ManualsBrandsAutoCommand ManualsRemote Control20036
101102103104105106107108109110
Setting Up Secure SRST
Information About Setting Up Secure SRST
103
Cisco IOS Survivable Remote Site Telephony Version 3.4 System Administrator Guide
Note The media is encrypted automatically once the phone and router certificates are exchanged and the TLS
connection is established with the SRST router.
Cisco IOS Credentials Server on Secure SRST Routers
Secure SRST introduces a credentials server that runs on a secure SRST router. When the client,
Cisco CallManager, requests a certificate through the TLS channel, the credentials server provides the
SRST router certificate to Cisco CallManager. Cisco CallManager inserts the SRST router certificate in
the Cisco IP phone configuration file and downloads the configuration files to the phones. The secure
Cisco IP phone uses the certificate to authenticate the SRST router during fallback operations. The
credentials service runs on default TCP port 2445.
Three Cisco IOS commands configure the credentials server in call-manager-fallback mode:
credentials
ip source-address (credentials)
trustpoint (credentials)
Two Cisco IOS commands provide credential server debugging and verification capabilities:
debug credentials
show credentials
Establishment of Secure SRST to the Cisco IP Phone
Figure 5 and Table 9 show the interworking of the credentials server on the SRST router, Cisco
CallManager, and the Cisco IP phone, and describe the establishment of secure SRST to the Cisco IP
phone.
6. The TLS handshake occurs, certificates are exchanged, and mutual authentication and
registration occurs between the Cisco IP phone and the SRST router.
a.
The SRST router sends its certificate, and the phone validates the certificate to the
certificate that it received from Cisco CallManager in Step 4.
b.
The Cisco IP phone provides the SRST router the LSC or MIC, and the router
validates the LSC or MIC using the PEM format files that it was provided in Step 5.
Table 8 Overview of the Process of Secure SRST Authentication and Encryption (continued)
Process Steps Description or Detail