CME SRTP

PhillyDPhillyD Member Posts: 13 ■□□□□□□□□□
Hi,

Has anyone here had any experience of implementing SRTP on a CME v7 box? I have been trying to do it as per the documentation for the last week, I also have a TAC case open. The test phone seems unable to connect to the CAPF server and install an LSC. Does anyone have any pointers on this? I can provide my config if necessary.

Thanks in advance

Phill (CCVP as of last week! yay!)

Comments

  • LuckycharmsLuckycharms Member Posts: 267
    Post clean config..
    The quality of a book is never equated to the number of words it contains. -- And neither should be a man by the number of certifications or degree's he has earned.
  • PhillyDPhillyD Member Posts: 13 ■□□□□□□□□□
    Config is as below: The ephone would normally have 'device security mode encrypted' and 'cert-oper upgrade' but it has been set to none just so its functional.



    ctl-client
    server cme 10.0.1.252 trustpoint CMETP
    server tftp 10.0.1.252 trustpoint TFTPTP
    server capf 10.0.1.252 trustpoint CAPFTP
    sast1 trustpoint SAST1TP
    sast2 trustpoint SAST2TP
    !
    capf-server
    port 3804
    auth-mode null-string
    cert-enroll-trustpoint NETTITUDE password 1 130847011A190D3E24
    trustpoint-label CAPFTP
    source-addr 10.0.1.252
    keygen-timeout 20
    keygen-retry 2
    !
    !

    !

    !
    crypto pki server NETTITUDE
    grant auto
    !
    crypto pki trustpoint NETTITUDE
    revocation-check crl
    rsakeypair NETTITUDE
    !
    crypto pki trustpoint CAPFTP
    enrollment url http://10.0.1.252:80
    revocation-check crl
    !
    crypto pki trustpoint CMETP
    enrollment url http://10.0.1.252:80
    revocation-check crl
    !
    crypto pki trustpoint TFTPTP
    enrollment url http://10.0.1.252:80
    revocation-check crl
    !
    crypto pki trustpoint SAST1TP
    enrollment url http://10.0.1.252:80
    revocation-check crl
    !
    crypto pki trustpoint SAST2TP
    enrollment url http://10.0.1.252:80
    revocation-check crl
    !
    crypto pki trustpoint CTLPV
    enrollment url http://10.0.1.252:80
    revocation-check crl
    credentials
    ctl-service admin admin secret 1 082C1C5D180C0C031D
    ip source-address 10.0.1.252 port 2444
    trustpoint CTLPV
    !
    !
    telephony-service

    secure-signaling trustpoint CMETP
    cnf-file location flash:
    cnf-file perphone
    tftp-server-credentials trustpoint TFTPTP
    server-security-mode secure
    create cnf-files version-stamp Jan 01 2002 00:00:00
    !

    !
    ephone 10
    device-security-mode none
    cert-oper delete auth-mode null-string
    mac-address 0019.30C9.3196
    ephone-template 1
    type 7971
    button 1:4
    !
  • mistancemistance Registered Users Posts: 1 ■□□□□□□□□□
    I'm facing the same issue. How did you solve it?
  • miffmiff Registered Users Posts: 1 ■□□□□□□□□□
    I have the same problem too, had you found a solution ?
Sign In or Register to comment.