Cisco Cisco TelePresence Video Communication Server Expressway

Appendix 11 – Connecting Cisco VCS to CUCM using TLS (rather than TCP)

Cisco VCS Deployment Guide: CUCM v6.1, 7 and 8 with Cisco VCS X6 using a SIP trunk

Page 46 of 49

2. Go to System > Security > SIP Trunk Security Profile.

3. Click Add New.

4. Configure the fields as follows:

Name

A name indicating that this profile is an encrypted profile for
the specific X.509 name(s).

Description

Enter a textual description as required.

Device Security Mode

Select Encrypted.

Incoming Transport Type

Select TLS.

Outgoing Transport Type

Select TLS.

Enable Digest Authentication

Leave unselected.

X.509 Subject Name

The subject name or an alternate subject name provided by
the Cisco VCS in its certificate. (Multiple X.509 names can be
added if required; separate each name by a space, comma,
semicolon or colon.)

Incoming Port

5061

Other parameters

Leave all other parameters unselected.

5. Click Save.

Update the CUCM trunk to Cisco VCS to use TLS

On CUCM:

1. Go to Device > Trunk.

2. Using Find, select the Device Name previously set up for the trunk to the Cisco VCS.

3. Configure the following fields:

Device Information section

Device Name

This name must match the subject name of the Cisco VCS
certificate (as used in the X.509 Subject Name in the security
profile).

Description

Update as required; you may want to indicate that this is now
a TLS connection.

SIP Information section

Destination Port

5061

SIP Trunk Security Profile

Select the trunk profile set up above.

Leave other parameters as previously configured.

4. Click Save.

5. Click Apply Config.

6. Click OK.

Update the Cisco VCS neighbor zone to CUCM to use TLS

Note: Cisco VCS will report that the CUCM zone is active even while it is communicating with CUCM
over TCP. The changes below are necessary to allow communications to happen over TLS.

On Cisco VCS:

1. On the Edit zone page (VCS configuration > Zones, then select the zone to CUCM).