Configuring Cisco TelePresence Phone Profile Security
To configure the Cisco TelePresence phone security profile, follow these steps:
Step 1 Log in to Cisco Unified CM administration interface.
Step 2 Create the phone security profile by following these steps:
a. Choose System > Security Profile > Phone Security Profile.
b. Click the Add New button. The Phone Security Profile Configuration window appears.
c. In the Phone Security Profile Type drop-down list, specify the type of Cisco TelePresence system that you are configuring. For example, Cisco 7975.
d. Click Next.
e. In the Select the phone security profile protocol drop-down list, select SIP and click Next.
f. Enter the following information in the Phone Security Profile Information box:
– Name—Enter a unique name for the profile. For example, CTS_3000_encrypted
– Description—Enter descriptive information for the profile.
– Nonce Validity Time—Leave the default value of 600.
– Device Security Mode—Choose Encrypted.
– Transport Type—Choose TLS (default).
– Enable Digest Authentication—Unchecked.
– TFTP Encrypted Config—Unchecked.
– Exclude Digest Credentials in Configuration File—Unchecked.
g. Enter the following information in the Phone Security Profile CAPF Information box:
– Authentication Mode—Choose By Authentication String.
– Key Size (Bits)—Choose 1024 (default).
h. Enter the following information in the Parameters used in Phone box:
– SIP Phone Port—Enter 5060 (default).
– Operation Completes B—Leave the default value.
Step 3 Click Save.
Step 4 Add the security Profile to the Cisco TelePresence System by completing the following steps:
a. Choose Device > Phone.
b. Click Find to find the existing Cisco TelePresence device that you want to configure.
c. In the Device Name (Line) column, click the hypertext link for the Cisco TelePresence device that you want to configure. The Phone Configuration window appears.
d. Scroll down to the Protocol Specific Information box and locate the Device Security drop-down list.
e. In the Device Security Profile drop-down list, choose the security profile that you created in Step 2.
For example, if you named the device profile CTS_3000_encrypted, choose CTS_3000_encrypted in the drop-down list.
f. Change the following settings in the Certification Authority Proxy Function (CAPF) Information box:
- Certificate Operation—Choose Install/Upgrade.
- Authentication Mode—Choose By Authentication String.
- Key Size (Bits)—Choose 1024 default).
g. Click Generate String to generate a unique string.
Note Make a note of the string that was generated, you use this string in the “Adding Authentication Information to the Cisco TelePresence System” section.
Step 5 Click Save to save your settings.
Adding Authentication Information to the Cisco TelePresence System
To add authentication information to the Cisco TelePresence System, follow these steps:
Step 1 Log in to the Cisco TelePresence System administration interface.
Step 2 Choose Device Information > Configuration > Cisco Unified CM Settings.
Step 3 In the CAPF Authentication String field, enter the authentication string that you generated in the “Configuring Cisco TelePresence Phone Profile Security” section.
Step 4 Click Apply to apply your changes.
Note To configure an IX5000 or IX5200 system, open a SSH CLI session with the system as the user admin, then enter the command set security authstring string, where string is the authentication string that you generated in the “Configuring Cisco TelePresence Phone Profile Security” section.