Configuring Secure SRST for SCCP and SIP
Restrictions for Configuring Secure SRST
178
Cisco Unified SCCP and SIP SRST System Administrator Guide
OL-13143-04
•
Gateway routers that run secure SRST must support voice- and security-enabled Cisco IOS images
(a “k9” cryptographic software image). The following two images are supported:
–
Advanced IP Services. This image includes a number of advanced security features.
–
Advanced Enterprise Services. This image includes full Cisco IOS software.
Public Key Infrastructure on Secure SRST
•
Set the clock, either manually or by using Network Time Protocol (NTP). Setting the clock ensures
synchronicity with Cisco Unified Communications Manager.
•
Enable the IP HTTP server (Cisco IOS processor) with the
ip http server
command, if not already
enabled. For more information on public key infrastructure (PKI) deployment, see the
Cisco IOS
Certificate Server
feature.
•
If the certificate server is part of your startup configuration, you may see the following messages
during the boot procedure:
% Failed to find Certificate Server's trustpoint at startup
% Failed to find Certificate Server's cert.
These messages are informational messages and indicate a temporary inability to configure the
certificate server because the startup configuration has not been fully parsed yet. The messages are
useful for debugging, in case the startup configuration is corrupted.
You can verify the status of the certificate server after the boot procedure using the
show crypto pki
server
command.
SRST
•
Secure SRST services cannot be enrolled while Cisco Unified SRST is active. Therefore, disable
Cisco Unified SRST with the
no call-manager-fallback
command.
Supported Cisco Unified IP Phones, Platforms, and Memory Requirements
•
For a list of supported Cisco Unified IP Phones, routers, network modules, and codecs for secure
SRST, see the
Cisco Unified Survivable Remote Site Telephony Compatibility Information
feature.
•
For the most up-to-date information about the maximum number of Cisco Unified IP Phones, the
maximum number of directory numbers (DNs) or virtual voice ports, and memory requirements, see
the
Cisco Unified SRST 4.3 Supported Firmware, Platforms, Memory, and Voice Products
feature.
Restrictions for Configuring Secure SRST
General
•
Cryptographic software features (“k9”) are under export controls.
This product contains
cryptographic features and is subject to United
States and local country laws governing import,
export, transfer, and use. Delivery of Cisco cryptographic products does not imply third-party
authority to import, export, distribute or use encryption. Importers, exporters, distributors and, users
are responsible for compliance with U.S. and local country laws. By using this product you agree to
comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws,
return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at the following
URL:
http://www.cisco.com/wwl/export/crypto/tool/
If you require further assistance, please contact us by sending e-mail to [email protected].