Cisco Cisco Expressway
for background on best effort encryption between Expressway and Unified CM.
As of version 10.0, you can use the CLI to change the cluster security mode. On earlier versions, you must use the
Cisco CTL Client plugin to change the cluster security mode. The security mode change updates the CTL file, so you
must restart the Cisco CallManager and Cisco Tftp services after the change.
Cisco CTL Client plugin to change the cluster security mode. The security mode change updates the CTL file, so you
must restart the Cisco CallManager and Cisco Tftp services after the change.
The process is summarized below, but you should refer to the Cisco Unified Communications Manager Security Guide
for your version, which you can find on the
for your version, which you can find on the
page.
1.
Obtain access to the Unified CM publisher node, including hardware security tokens (if using the CTL Client
plugin).
plugin).
2.
(Pre 10.0) Download and install the Cisco CTL Client plugin from Unified CM.
3.
Run the CTL Client plugin to enable Mixed Mode. On 10.0 or later, you can use
utils ctl set-cluster mixed-
mode
at the CLI.
4.
Update the CTL file (via the plugin or
utils ctl update CTLFile
).
5.
Restart the Cisco CallManager and Cisco Tftp services (via Cisco Unified Serviceability).
Configure a SIP Trunk Security Profile on Unified CM
On Unified CM:
1.
Select Cisco Unified CM Administration, click Go and log in.
2.
Go to System > Security > SIP Trunk Security Profile.
3.
Click Add New.
27
Cisco Expressway SIP Trunk to Unified CM Deployment Guide
Connecting Expressway to Unified CM Using TLS