Cisco Cisco TelePresence MCU 4510 Maintenance Manual
Configuring encryption settings
You can configure the MCU to encrypt connections to and from H.323 and SIP endpoints.
The encryption technology that the MCU uses for encryption to and from H.323 endpoints is Advanced
Encryption Standard (AES).
Encryption Standard (AES).
The encryption technology that the MCU uses for encryption to and from SIP endpoints is Secure Real-time
Transport Protocol (SRTP).
Transport Protocol (SRTP).
To use encryption, you must have the Encryption feature key present on the MCU. For information about
installing feature keys, refer to
installing feature keys, refer to
. To access encryption settings, go to
Settings > Encryption
.
Encryption is used when both devices in a call agree to use encryption; by default if one of the devices
cannot use encryption (for example if a SIP endpoint does not support SRTP), the MCU will allow the call to
be unencrypted, unless the conference configuration dictates that encryption is Required. Where encryption
is required, calls that cannot used encryption will not be allowed.
cannot use encryption (for example if a SIP endpoint does not support SRTP), the MCU will allow the call to
be unencrypted, unless the conference configuration dictates that encryption is Required. Where encryption
is required, calls that cannot used encryption will not be allowed.
When encryption is in use to and from H.323 endpoints, the MCU will encrypt audio, video, and content
media. It does not encrypt control or authentication information.
media. It does not encrypt control or authentication information.
When encryption is in use to and from SIP endpoints, the MCU will encrypt audio and video media using
SRTP. Control or authentication information can also be encrypted using TLS. For more information refer to
SRTP. Control or authentication information can also be encrypted using TLS. For more information refer to
, below.
You can:
n
configure the MCU to advertise its ability to encrypt connections, such that it will use encryption if an
H.323 endpoint can use AES encryption.
H.323 endpoint can use AES encryption.
n
configure the MCU to advertise its ability to encrypt connections, such that it will use encryption if a SIP
endpoint can use SRTP encryption.
endpoint can use SRTP encryption.
n
configure the MCU so that the default encryption option for new conferences is either Optional or Required.
Be aware that anyone creating a new conference will be able to set the encryption setting for the
conference to either Optional or Required.
Be aware that anyone creating a new conference will be able to set the encryption setting for the
conference to either Optional or Required.
n
force new ad hoc conferences to use encryption (by correctly configuring the ad hoc conference template,
see
see
).
Note that using encryption does not affect the number of ports that are available on the MCU.
Note that the MCU will not show thumbnail previews on the
Conference participant
page if encryption is
required for a conference. If you have the Show thumbnail images option selected on the
Settings > User
interface
page, thumbnail previews will be shown for conferences where encryption is optional and there are
encrypted participants.
Refer to this table for assistance configuring the encryption settings. After making any configuration
changes, click Apply changes.
changes, click Apply changes.
Field
Field description
Usage tips
Cisco TelePresence MCU Series 4.5 Online Printable Help
Page 191 of 278
Configuring the MCU
Configuring encryption settings