Contents

• Security
• Browser security
• Verify Internet Explorer security settings
• Create login banner
• IPsec policy management
• Create IPsec policy
• Enable or Disable existing IPsec policy
• Delete IPsec policy

Security

---

• Browser security
• IPsec policy management

Browser security

• Verify Internet Explorer security settings
• Create login banner

Verify Internet Explorer security settings

To download certificates from the server, you must ensure that your Internet Explorer security settings are configured correctly.

Procedure

---

Step 1	Start Internet Explorer.
Step 2	Select Tools > Internet Options.
Step 3	Select the Advanced tab.
Step 4	Scroll down to the Security section on the Advanced tab.
Step 5	If necessary, clear Do not save encrypted pages to disk.
Step 6	Select OK.

---

Create login banner

From Cisco Unified Presence Release 8.6(4), you can create a banner that users acknowledge as part of their login to any IM and Presence interface. You must create a .txt file using any text editor, include important notifications that you want users to be made aware of, and upload it to Cisco Unified IM and Presence Operating System Administration. This banner will then appear on all IM and Presence Service interfaces notifying users of important information before they login, including legal warnings and obligations. The following interfaces will display this banner before and after a user logs in:

• Cisco Unified CM IM and Presence Administration
• Cisco Unified IM and Presence Operating System Administration
• Cisco Unified IM and Presence Serviceability
• Cisco Unified IM and Presence Reporting
• IM and Presence Disaster Recovery System
• Cisco Unified CM IM and Presence User Options

Procedure

---

Step 1	Create a .txt file with the contents you want to display in the banner.
Step 2	Sign in to Cisco Unified IM and Presence Operating System Administration.
Step 3	Select Software Upgrades > Customized Logon Message.
Step 4	Select Browse and locate the .txt file.
Step 5	Select Upload File.
Step 6	The banner will appear before and after login on most IM and Presence interfaces.

---

IPsec policy management

Note	IPsec is not automatically established between nodes in a cluster during installation of the IM and Presence Service.

• Create IPsec policy
• Enable or Disable existing IPsec policy
• Delete IPsec policy

Create IPsec policy

You can set up a new IPsec policy. Do not, however, attempt to create IPsec policies during an IM and Presence server upgrade.

Caution

IPsec, especially with encryption, will affect the performance of your system.

Before You Begin

To access the Security menu items, you must sign in again to Cisco Unified IM and Presence Operating System Administration using your Administrator password.

Procedure

---

Step 1	Sign in to Cisco Unified IM and Presence Operating System Administration.
Step 2	SelectSecurity > IPSEC Configuration.
Step 3	Select Add New.
Step 4	Enter the new values in the appropriate fields. Field Description Policy Group Name Specifies the group name to which the IPsec policy belongs. Policy Name Specifies the name of the IPsec policy. Authentication Method Specifies the authentication method, for example, Certificate. Preshared Key Specifies the preshared key if you selected Pre-shared Key in the Authentication Method field. Peer Type Specifies whether the peer is the same type or different. Certificate Name Specifies the name of the certificate used for authentication. Destination Address Specifies the IP address or FQDN of the destination. Destination Port Specifies the port number at the destination. Source Address Specifies the IP address or FQDN of the source. Source Port Specifies the port number at the source. Mode Specifies Tunnel or Transport mode. Remote Port Specifies the port number to use at the destination. Protocol Specifies the specific protocol, or Any: TCP UDP Any Encryption Algorithm From the list box, select the encryption algorithm. Choices include DES 3DES Hash Algorithm Specifies the hash algorithm: SHA1—Hash algorithm that is used in phase one IKE negotiation MD5—Hash algorithm that is used in phase one IKE negotiation ESP Algorithm From the list box, select the ESP algorithm. Choices include NULL_ENC DES 3DES BLOWFISH RIJNDAEL Phase One Life Time Specifies the lifetime for phase one IKE negotiation, in seconds. Phase One DH From the list box, select the phase one DH value. Choices include 2, 1, 5, 14, 16, 17, and 18. Phase Two Life Time Specifies the lifetime for phase two IKE negotiation, in seconds. Phase Two DH From the list box, select the phase two DH value. Choices include 2, 1, 5, 14, 16, 17, and 18. Enable Policy Check to enable the IPsec policy.

---

What to Do Next

Enable or Disable existing IPsec policy

Enable or Disable existing IPsec policy

You can enable or disable an existing IPsec policy. Do not, however, attempt to create, enable or disable IPsec policies during an IM and Presence server upgrade.

Caution

IPsec, especially with encryption, will affect the performance of your system.

Before You Begin

Complete the steps to create an IPsec policy.

Procedure

---

Step 1	Sign in to Cisco Unified IM and Presence Operating System Administration.
Step 2	Perform one of the following actions in the IPSEC Policy Configuration frame: Check Enable Policy to enable the policy. Uncheck Enable Policy to disable the policy.

---

Related Tasks

Create IPSec policy

Delete IPsec policy

You can delete one or more IPsec policies. Do not, however, attempt to delete IPsec policies during an IM and Presence server upgrade.

Caution

IPsec, especially with encryption, will affect the performance of your system.

Before You Begin

To access the Security menu items, you must sign in again to Cisco Unified IM and Presence Operating System Administration using your Administrator password.

Procedure

---

Step 1	Sign in to Cisco Unified IM and Presence Operating System Administration.
Step 2	Select Security > IPSEC Configuration.
Step 3	Select the policy or policies that you want to delete.
Step 4	Select Delete.

---