Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 11 – Connecting Cisco VCS to CUCM using TLS (rather than TCP)
Cisco VCS Deployment Guide: CUCM v6.1, 7 and 8 with Cisco VCS X6 using a SIP trunk
Page 46 of 49
2. Go to System > Security > SIP Trunk Security Profile.
3. Click Add New.
4. Configure the fields as follows:
Name
A name indicating that this profile is an encrypted profile for
the specific X.509 name(s).
the specific X.509 name(s).
Description
Enter a textual description as required.
Device Security Mode
Select Encrypted.
Incoming Transport Type
Select TLS.
Outgoing Transport Type
Select TLS.
Enable Digest Authentication
Leave unselected.
X.509 Subject Name
The subject name or an alternate subject name provided by
the Cisco VCS in its certificate. (Multiple X.509 names can be
added if required; separate each name by a space, comma,
semicolon or colon.)
the Cisco VCS in its certificate. (Multiple X.509 names can be
added if required; separate each name by a space, comma,
semicolon or colon.)
Incoming Port
5061
Other parameters
Leave all other parameters unselected.
5. Click Save.
Update the CUCM trunk to Cisco VCS to use TLS
On CUCM:
1. Go to Device > Trunk.
2. Using Find, select the Device Name previously set up for the trunk to the Cisco VCS.
3. Configure the following fields:
Device Information section
Device Name
This name must match the subject name of the Cisco VCS
certificate (as used in the X.509 Subject Name in the security
profile).
certificate (as used in the X.509 Subject Name in the security
profile).
Description
Update as required; you may want to indicate that this is now
a TLS connection.
a TLS connection.
SIP Information section
Destination Port
5061
SIP Trunk Security Profile
Select the trunk profile set up above.
Leave other parameters as previously configured.
4. Click Save.
5. Click Apply Config.
6. Click OK.
Update the Cisco VCS neighbor zone to CUCM to use TLS
Note: Cisco VCS will report that the CUCM zone is active even while it is communicating with CUCM
over TCP. The changes below are necessary to allow communications to happen over TLS.
over TCP. The changes below are necessary to allow communications to happen over TLS.
On Cisco VCS:
1. On the Edit zone page (VCS configuration > Zones, then select the zone to CUCM).