Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 10 – Connecting Cisco VCS to CUCM using TLS (rather than TCP)
Cisco VCS Deployment Guide: CUCM v6.1, 7 and 8 with Cisco VCS X7.1 using a SIP trunk
Page 49 of 53
Configure a SIP trunk security profile on CUCM
On CUCM:
1. Select Cisco Unified CM Administration, click Go and log in.
2. Go to
System > Security > SIP Trunk Security Profile
.
3. Click Add New.
4. Configure the fields as follows:
Name
A name indicating that this profile is an encrypted profile for
the specific X.509 name(s).
the specific X.509 name(s).
Description
Enter a textual description as required.
Device Security Mode
Select Encrypted.
Incoming Transport Type
Select TLS.
Outgoing Transport Type
Select TLS.
Enable Digest Authentication
Leave unselected.
X.509 Subject Name
The subject name or an alternate subject name provided by
the Cisco VCS in its certificate. (Multiple X.509 names can be
added if required; separate each name by a space, comma,
semicolon or colon.)
the Cisco VCS in its certificate. (Multiple X.509 names can be
added if required; separate each name by a space, comma,
semicolon or colon.)
Incoming Port
5061
Other parameters
Leave all other parameters unselected.
5. Click Save.
Update the CUCM trunk to Cisco VCS to use TLS
On CUCM:
1. Go to
Device > Trunk
.
2. Using Find, select the Device Name previously set up for the trunk to the Cisco VCS.
3. Configure the following fields:
Device Information section
Device Name
This name must match the subject name of the Cisco VCS
certificate (as used in the X.509 Subject Name in the security
profile).
certificate (as used in the X.509 Subject Name in the security
profile).
Description
Update as required; you may want to indicate that this is now
a TLS connection.
a TLS connection.
SIP Information section
Destination Port
5061
SIP Trunk Security Profile
Select the trunk profile set up above.
Leave other parameters as previously configured.
4. Click Save.
5. Click Apply Config.
6. Click OK.