Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 11 – Connecting Cisco VCS to CUCM using TLS (rather than TCP)
Cisco VCS Deployment Guide: CUCM v6.1, 7 and 8 with Cisco VCS X5.1 using a SIP trunk
Page 47 of 50
Configure a SIP trunk security profile on CUCM
On CUCM:
1. On CUCM, select Cisco Unified CM Administration, click Go and log in.
2. Go to System > Security > SIP Trunk Security Profile.
3. Click Add New.
4. Configure the fields as follows:
Name
A name indicating that this profile is an encrypted profile
for the specific X.509 name(s).
for the specific X.509 name(s).
Description
Enter a textual description as required.
Device Security Mode
Select Encrypted.
Incoming Transport Type
Select TLS.
Outgoing Transport Type
Select TLS.
Enable Digest Authentication
Leave unselected.
X.509 Subject Name
The subject name or an alternate subject name
provided by the Cisco VCS in its certificate. (Multiple
X.509 names can be added if required; separate each
name by a space, comma, semicolon or colon.)
provided by the Cisco VCS in its certificate. (Multiple
X.509 names can be added if required; separate each
name by a space, comma, semicolon or colon.)
Incoming Port
5061
Other parameters
Leave all other parameters unselected.
5. Click Save.
Update the CUCM trunk to Cisco VCS to use TLS
On CUCM:
1. Go to Device > Trunk.
2. Using Find, select the Device Name previously set up for the trunk to the Cisco VCS.
3. Configure the following fields:
Device Information section
Device Name
This name must match the subject name of the Cisco
VCS certificate (as used in the X.509 Subject Name in
the security profile).
VCS certificate (as used in the X.509 Subject Name in
the security profile).
Description
Update as required; you may want to indicate that this is
now a TLS connection.
now a TLS connection.
SIP Information section
Destination Port
5061
SIP Trunk Security Profile
Select the trunk profile set up above.
Leave other parameters as previously configured.
4. Click Save.
5. Click Apply Config.
6. Click OK.