Table of Contents
Task List to Create the Integration
Integrations with Multiple Phone Systems
Planning How the Voice Messaging Ports Will Be Used by Cisco Unity Connection
The Number Voice of Messaging Ports to Install
The Number of Voice Messaging Ports That Will Answer Calls
The Number of Voice Messaging Ports That Will Dial Out, and Not Answer Calls
Programming the Cisco Unified Communications Manager Phone System
Creating a New Integration with Cisco Unified Communications Manager
Cisco Unified Unified CM Security Features
Security Mode Settings in Cisco Unity Connection
Appendix: Documentation and Technical Assistance
Cisco Unity Connection Documentation
Obtaining Documentation and Submitting a Service Request
Cisco Product Security Overview
Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection in Cisco Business Edition Release 10.x
This document provides instructions for integrating Cisco Unified Communications Manager with Cisco Unity Connection by Skinny Call Control Protocol (SCCP) in a Cisco Business Edition installation.
This document applies only when Cisco Unity Connection is installed as Cisco Business Edition—on the same server with Cisco Unified Communications Manager. This document does not apply to the configuration in which Cisco Unity Connection is installed on a separate server from Cisco Unified Communications Manager.
Cisco Unity Connection supports an SCCP integration when Cisco Unified CM has only SCCP phones or has both SCCP and SIP phones.
Integration Tasks
Before doing the following tasks to integrate Cisco Unity Connection with the Cisco Unified Communications Manager phone system, confirm that Cisco Unity Connection is ready for the integration by completing the applicable tasks in the Installation Guide for Cisco Unity Connection.
The following task list describes the process for creating the integration.
Task List to Create the Integration
Use the following task list to set up a new integration with the Cisco Unified Communications Manager SCCP phone system when it is installed as Cisco Business Edition.
1. Review the system and equipment requirements to confirm that all phone system and Cisco Unity Connection server requirements have been met. See the “Requirements” section.
2. Plan how the voice messaging ports will be used by Cisco Unity Connection. See the “Planning How the Voice Messaging Ports Will Be Used by Cisco Unity Connection” section.
3. Program Cisco Unified Communications Manager. See the “Programming the Cisco Unified Communications Manager Phone System” section.
4. Create the integration. See the “Creating a New Integration with Cisco Unified Communications Manager” section.
5. Test the integration. See the “Testing the Integration” section.
Requirements
The Cisco Unified Communications Manager integration supports configurations of the following components:
- A Cisco IP telephony applications server consisting of Cisco Business Edition 10.x.
- The following phones or combinations of phones for the Cisco Unified CM extensions:
– Only IP phones for the Cisco Unified CM extensions.
– Both IP phones and SIP phones for the Cisco Unified CM extensions without a media termination point (MTP) on the Cisco Unified CM server.
– Both IP phones and SIP phones for the Cisco Unified CM extensions with a media termination point (MTP) on the Cisco Unified CM server.
Integration Description
The Cisco Unified Communications Manager integration makes connections through a LAN or WAN. A gateway provides connections to the PSTN.
Call Information
The phone system sends the following information with forwarded calls:
- The extension of the called party
- The extension of the calling party (for internal calls) or the phone number of the calling party (if it is an external call and the system uses caller ID)
- The reason for the forward (the extension is busy, does not answer, or is set to forward all calls)
Cisco Unity Connection uses this information to answer the call appropriately. For example, a call forwarded to Cisco Unity Connection is answered with the personal greeting of the user. If the phone system routes the call to Cisco Unity Connection without this information, Cisco Unity Connection answers with the opening greeting.
Integration Functionality
The Cisco Unified Communications Manager integration with Cisco Unity Connection provides the following features:
- Call forward to personal greeting
- Call forward to busy greeting
- Caller ID
- Easy message access (a user can retrieve messages without entering an ID because Cisco Unity Connection identifies the user based on the extension from which the call originated; a password may be required)
- Identified user messaging (Cisco Unity Connection identifies the user who leaves a message during a forwarded internal call, based on the extension from which the call originated)
- Message waiting indication (MWI)
Integrations with Multiple Phone Systems
When Cisco Unity Connection is installed as Cisco Business Edition—on the same server with Cisco Unified Communications Manager—Cisco Unity Connection can be integrated only with Cisco Unified CM by Skinny Call Control Protocol (SCCP). No other phone system integrations are supported. Cisco Unity Connection cannot be integrated with multiple phone systems at the same time.
Planning How the Voice Messaging Ports Will Be Used by Cisco Unity Connection
Before programming the phone system, you need to plan how the voice messaging ports will be used by Cisco Unity Connection. The following considerations will affect the programming for the phone system (for example, setting up the hunt group or call forwarding for the voice messaging ports):
- The number of voice messaging ports installed.
- The number of voice messaging ports that will answer calls.
- The number of voice messaging ports that will only dial out, for example, to send message notification, to set message waiting indicators (MWIs), and to make telephone record and playback (TRAP) connections.
The following table describes the voice messaging port settings in Cisco Unity Connection that can be set on Telephony Integrations > Port of Cisco Unity Connection Administration.
The Number Voice of Messaging Ports to Install
The number of voice messaging ports to install depends on numerous factors, including:
- The number of calls Cisco Unity Connection will answer when call traffic is at its peak.
- The expected length of each message that callers will record and that users will listen to.
- The number of users.
- The number of ports that will be set to dial out only.
- The number of calls made for message notification.
- The number of MWIs that will be activated when call traffic is at its peak.
- The number of TRAP connections needed when call traffic is at its peak. (TRAP connections are used by Cisco Unity Connection web applications to play back and record over the phone.)
- The number of calls that will use the automated attendant and call handlers when call traffic is at its peak.
It is best to install only the number of voice messaging ports that are needed so that system resources are not allocated to unused ports.
The Number of Voice Messaging Ports That Will Answer Calls
The calls that the voice messaging ports answer can be incoming calls from unidentified callers or from users. Typically, the voice messaging ports that answer calls are the busiest.
You can set voice messaging ports to both answer calls and to dial out (for example, to send message notifications). However, when the voice messaging ports perform more than one function and are very active (for example, answering many calls), the other functions may be delayed until the voice messaging port is free (for example, message notifications cannot be sent until there are fewer calls to answer). For best performance, dedicate certain voice messaging ports for only answering incoming calls, and dedicate other ports for only dialing out. Separating these port functions eliminates the possibility of a collision, in which an incoming call arrives on a port at the same time that Cisco Unity Connection takes the port off-hook to dial out.
The Number of Voice Messaging Ports That Will Dial Out, and Not Answer Calls
Ports that will only dial out and will not answer calls can do one or more of the following:
- Notify users by phone, pager, or email of messages that have arrived.
- Turn MWIs on and off for user extensions.
- Make a TRAP connection so that users can use the phone as a recording and playback device in Cisco Unity Connection web applications.
Typically, these voice messaging ports are the least busy ports.
Programming the Cisco Unified Communications Manager Phone System
After the Cisco Unified Communications Manager software is installed, do the following procedures in the order given.
To Add Partitions and a Calling Search Space to Contain the Voice Mail Ports
Step 1 In Cisco Unified CM Administration, select Call Routing > Class of Control > Partition.
Step 2 On the Find and List Partitions page, select Add New.
Step 3 On the Partition Configuration page, enter the name and description you want for the partition that will contain all voice mail port directory numbers. For example, enter “VMRestrictedPT, Partition for voice mail port directory numbers.”
Step 6 Enter the name and description you want for the partition that will contain the hunt pilot, which will be the voice mail pilot number. For example, enter “VMPilotNumberPT, Partition for the voice mail pilot number.”
Step 8 Select Call Routing > Class of Control > Calling Search Space.
Step 9 On the Find and List Calling Search Spaces page, select Add New.
Step 10 On the Calling Search Space Configuration page, in the Name field, enter a name for the calling search space that will include the partition created in Step 2 through Step 4. For example, enter “VMRestrictedCSS.”
Step 11 Optionally, in the Description field, enter a description of the calling search space. For example, enter “Voice mail port directory numbers.”
Step 12 In the Available Partitions list, select the name of the partition created in Step 2 through Step 4. For example, select “VMRestrictedPT.”
Step 13 Select the down arrow below the Available Partitions list.
The name of the partition appears in the Selected Partitions list.
Step 15 In the Related Links field, select Back to Find/List and select Go.
Step 16 On the Find and List Calling Search Spaces page, select Find.
Step 17 Select the name of the calling search space that is used by user phones.
Step 18 On the Calling Search Space Configuration page, in the Available Partitions list, select the name of the partition created in Step 5 through Step 7. For example, select “VMPilotNumberPT.”
Caution If the partition that contains the hunt pilot (which will be the voice mail pilot number) is not in the calling search space that is used by user phones, the phones will not be able to dial the Cisco Unity Connection server.
Step 19 Select the down arrow below the Available Partition list.
The name of the partition appears in the Selected Partitions list.
Step 21 Repeat Step 17 through Step 20 for each remaining calling search space that needs to access Cisco Unity Connection.
To Add a Device Pool for the Voice Mail Ports
Step 1 In Cisco Unified CM Administration, select System > Device Pool.
Step 2 On the Find and List Device Pools page, select Add New.
Step 3 On the Device Pool Configuration page, enter the following device pool settings.
In the following procedure, add a voice mail port to Cisco Unified CM for each voice mail port that you will connect to Cisco Unity Connection.
To Add Voice Mail Ports to Cisco Unified CM
Step 1 In Cisco Unified CM Administration, select Advanced Features > Voice Mail > Cisco Voice Mail Port Wizard.
Step 2 On the What Would You Like to Do page, select Create a New Cisco Voice Mail Server and Add Ports to It, then select Next.
Step 3 On the Cisco Voice Mail Server page, the name of the voice mail server appears. We recommend that you accept the default name for the voice mail server. If you must use a different name, however, the name must have no more than nine characters.
The voice mail server name must match the Device Name Prefix field in Cisco Unity Connection on the Port Group Basics page for the voice messaging ports.
Step 5 On the Cisco Voice Mail Ports page, select the number of voice mail ports that you want to add (which must not be more voice mail ports than the Cisco Unity Connection licenses enable), then select Next.
Step 6 On the Cisco Voice Mail Device Information page, enter the following voice mail device settings.
Table 3 Settings for the Cisco Voice Mail Device Information Page
Enter Cisco Voice Mail Port or another description for the voice mail device.
Select the name of the device pool you created for the voice mail ports. For example, select Cisco Unity Connection Voice Mail Ports.
Select the name of a calling search space that allows calls to the user phones and any required network devices.
This calling search space must include partitions that contain all devices Cisco Unity Connection needs to access (for example, during call transfers, message notifications, and MWI activations).
Select the security mode that you want to use for the voice mail ports. For details on the settings for Cisco Unified CM authentication and encryption of the voice mail ports, see the “Appendix: Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports” section.
Step 8 On the Cisco Voice Mail Directory Numbers page, enter the following voice mail directory number settings.
Table 4 Settings for the Cisco Voice Mail Directory Numbers Page
Select the name of the partition that you set up for all voice mail port directory numbers, as set in Step 2 through Step 4 of the To Add Partitions and a Calling Search Space to Contain the Voice Mail Ports. For example, select “VMRestrictedPT.”
Select the name of a calling search space that you set up to contain the partition with all voice mail port directory numbers, as set in Step 9 of the To Add Partitions and a Calling Search Space to Contain the Voice Mail Ports. For example, select “VMRestrictedCSS.”
Because this calling search space is not used by user phones, users are not able to dial the voice mail ports. However, users can dial the voice mail pilot number.
Select the automated alternate routing (AAR) group for the voice mail ports. The AAR group provides the prefix digits that are used to route calls that are otherwise blocked due to insufficient bandwidth. If you select None, no rerouting of blocked calls will be attempted.
Accept the default of VoiceMail.
This text appears on the phone when the pilot number is dialed.
Accept the default of VoiceMail.
This text appears on the phone when the pilot number is dialed.
Leave this field blank, or specify the mask used to format caller ID information for external (outbound) calls. The mask can contain up to 50 characters. Enter the literal digits that you want to appear in the caller ID information, and enter X for each digit in the directory number of the device.
Step 10 On the Do You Want to Add These Directory Numbers to a Line Group page, select No, I Will Add Them Later, and select Next.
Step 11 On the Ready to Add Cisco Voice Mail Ports page, confirm that the settings for the voice mail ports are correct, and select Finish.
If the settings are not correct, select Back and enter the correct settings.
To Add Voice Mail Ports to Line Groups
Step 1 In Cisco Unified CM Administration, select Call Routing > Route/Hunt > Line Group.
Step 2 On the Find and List Line Groups page, select Add New.
This line group will contain directory numbers for voice mail ports that will answer calls. Directory numbers for voice mail ports that will only dial out (for example, to set MWIs) must not be included in this line group.
Step 3 On the Line Group Configuration page, enter the following settings.
Step 4 Under Line Group Member Information, in the Partition list, select the name of the partition that you set up for all voice mail port directory numbers. For example, select “VMRestrictedPT.”
Step 6 In the Available DN/Route Partition list, select the first directory number of a voice mail port that will answer calls, and select Add to Line Group.
Caution The directory numbers in the Selected DN/Route Partition list must appear in numerical sequence with the lowest number on top. Otherwise, the integration will not function correctly.
Step 7 Repeat Step 6 for all remaining directory numbers of voice mail ports that will answer calls.
Caution Do not include directory numbers of voice mail ports that will only dial out (for example, to set MWIs). Otherwise, the integration will not function correctly.
To Add the Line Group to a Hunt List
Step 1 In Cisco Unified CM Administration, select Call Routing > Route/Hunt > Hunt List.
Step 2 On the Find and List Hunt Lists page, select Add New.
Step 3 On the Hunt List Configuration page, enter the following settings for the hunt list.
Step 5 Under Hunt List Member Information, select Add Line Group.
Step 6 On the Hunt List Detail Configuration page, in the Line Group list, select the line group you created for the directory numbers of voice mail ports that will answer calls, then select Save.
Caution In the hunt list, do not include line groups with voice mail ports that Cisco Unity Connection will use to dial out. Otherwise, the integration will not function correctly.
Step 7 When alerted that the line group has been inserted, select OK.
Step 8 On the Hunt List Configuration page, select Reset.
Step 9 When asked to confirm resetting the hunt list, select Reset.
Step 10 When alerted that the hunt list has been reset, select Close.
To Add the Hunt List to a Hunt Pilot Number
Step 1 In Cisco Unified CM Administration, select Call Routing > Route/Hunt > Hunt Pilot.
Step 2 On the Find and List Hunt Pilots page, select Add New.
Step 3 On the Hunt Pilot Configuration page, enter the following settings for the hunt pilot.
Enter the hunt pilot number for the voice mail ports. The hunt pilot number must be different from the extension numbers of the voice mail ports.
The hunt pilot number is the extension number that users enter to listen to their voice messages.
Select the name of the partition that you set up for the voice mail pilot number. For example, select “VMPilotNumberPT.”
Accept the default setting, or select the numbering plan that you have set up for your system.
Select None, or select the name of the route filter that you set up for your system.
Select the hunt list of voice mail ports that answer calls, which you set up in the To Add the Line Group to a Hunt List.
To Specify MWI Directory Numbers
Step 1 In Cisco Unified CM Administration, select Advanced Features > Voice Mail > Message Waiting.
Step 2 On the Find and List Message Waiting Numbers page, select Add New.
Step 3 On the Message Waiting Configuration page, enter the following settings for turning MWIs on.
Select the name of the partition that you set up for the voice mail pilot number. For example, select “VMPilotNumberPT.”
Step 6 Enter the following settings for turning MWIs off.
Select the name of the partition that you set up for the voice mail pilot number. For example, select “VMPilotNumberPT.”
In the following procedure, you will add the voice mail pilot number, which is the extension that you dial to listen to your voice messages. Your Cisco IP phone automatically dials the voice mail pilot number when you press the Messages button.
To Add a Voice Mail Pilot Number for the Voice Mail Ports
Step 1 In Cisco Unified CM Administration, select Advanced Features > Voice Mail > Voice Mail Pilot.
Step 2 On the Find and List Voice Mail Pilots page, select Add New.
Step 3 On the Voice Mail Pilot Configuration page, enter the following voice mail pilot number settings.
To Set Up the Voice Mail Profile
Step 1 In Cisco Unified CM Administration, select Advanced Features > Voice Mail > Voice Mail Profile.
Step 2 On the Find and List Voice Mail Profiles page, select Add New.
Step 3 On the Voice Mail Profile Configuration page, enter the following voice mail profile settings.
To Set Up the Voice Mail Server Service Parameters
Step 1 In Cisco Unified CM Administration, select System > Service Parameters.
Step 2 On the Service Parameters Configuration page, in the Server field, select the name of the Cisco Unified CM server.
Step 3 In the Service list, select Cisco CallManager. The list of parameters appears.
Step 4 Under Clusterwide Parameters (Feature - General), locate the Multiple Tenant MWI Modes parameter.
Step 5 If you use multiple tenant MWI notification, select True.
When this parameter is set to True, Cisco Unified CM uses any configured translation patterns to convert voicemail extensions into directory numbers when turning on or off an MWI.
Step 6 If you changed any settings, select Save. Otherwise, skip the remaining steps in this procedure.
Step 7 In the Navigation drop-down box, select Cisco Unified Serviceability and select Go.
Step 8 In Cisco Unified Serviceability, on the Tools menu, select Control Center - Feature Services.
Step 9 Under CM Services, select Cisco CallManager and select Restart.
Creating a New Integration with Cisco Unified Communications Manager
After ensuring that Cisco Unified Communications Manager and Cisco Unity Connection are ready for the integration, do the following procedure to set up the integration and to enter the port settings.
Step 1 Sign in to Cisco Unity Connection Administration.
Step 2 In Cisco Unity Connection Administration, expand Telephony Integrations, then select Phone System.
Step 3 On the Search Phone Systems page, under Display Name, select the name of the default phone system.
Step 4 On the Phone System Basics page, in the Phone System Name field, enter the descriptive name that you want for the phone system.
Step 5 If you want to use this phone system as the default for TRaP connections so that administrators and users without voicemail boxes can record and playback through the phone in Cisco Unity Connection web applications, check the Default TRAP Switch check box. If you want to use another phone system as the default for TRaP connections, uncheck this check box.
Step 7 On the Phone System Basics page, in the Related Links drop-down box, select Add Port Group and select Go.
Step 8 On the New Port Group page, enter the following settings and select Save.
Select the name of the phone system that you entered in Step 4.
Select Port Group Template and select SCCP in the drop-down box.
Enter a descriptive name for the port group. You can accept the default name or enter the name that you want.
Enter the prefix that Cisco Unified CM adds to the device name for voice ports. This prefix must match the prefix used by Cisco Unified CM.
Select Co-resident Cisco Unified Communications Manager and select the extension that you specified in Cisco Unified CM Administration for turning MWIs on.
Select Co-resident Cisco Unified Communications Manager and select the extension that you specified in Cisco Unified CM Administration for turning MWIs off.
Enter the TCP port of the primary Cisco Unified CM server that you are integrating with Cisco Unity Connection. We recommend that you use the default setting.
Enter the TLS port of the primary Cisco Unified CM server that you are integrating with Cisco Unity Connection. We recommend that you use the default setting.
Step 9 On the Port Group Basics page, in the Related Links drop-down box, select Add Ports and select Go.
Step 10 On the New Port page, enter the following settings and select Save.
Enter the number of voice messaging ports that you want to create in this port group.
Select the name of the phone system that you entered in Step 4.
Select the name of the port group that you added in Step 8.
Select the Cisco Unified CM security mode that you want to use for the voice messaging ports.
Step 11 On the Search Ports page, select the display name of the first voice messaging port that you created for this phone system integration.
Note By default, the display names for the voice messaging ports are composed of the port group display name followed by incrementing numbers.
Step 12 On the Port Basics page, set the voice messaging port settings as applicable. The fields in the following table are the ones that you can change.
Check this check box to enable the port. The port is enabled during normal operation.
Uncheck this check box to disable the port. When the port is disabled, calls to the port get a ringing tone but are not answered. Typically, the port is disabled only by the installer during testing.
Check this check box to designate the port for answering calls. These calls can be incoming calls from unidentified callers or from users.
Check this check box to designate the port for notifying users of messages. Assign Perform Message Notification to the least busy ports.
Check this check box to designate the port for turning MWIs on and off. Assign Send MWI Requests to the least busy ports.
Check this check box so that users can use the port for recording and playback through the phone in Cisco Unity Connection web applications. Assign Allow TRAP Connections to the least busy ports.
Enter the priority order in which Cisco Unity Connection will use the ports when dialing out (for example, if the Perform Message Notification, Send MWI Requests, or Allow TRAP Connections check box is checked). The highest numbers are used first. However, when multiple ports have the same Outgoing Hunt Order number, Cisco Unity Connection will use the port that has been idle the longest.
Select the applicable security mode:
- Non-secure —The integrity and privacy of call-signaling messages will not be ensured because call-signaling messages will be sent as clear (unencrypted) text and will be connected to Cisco Unified CM through a non-authenticated port rather than an authenticated TLS port. In addition, the media stream will not be encrypted.
- Authenticated —The integrity of call-signaling messages will be ensured because they will be connected to Cisco Unified CM through an authenticated TLS port. However, the privacy of call-signaling messages will not be ensured because they will be sent as clear (unencrypted) text. In addition, the media stream will not be encrypted.
- Encrypted —The integrity and privacy of call-signaling messages will be ensured on this port because they will be connected to Cisco Unified CM through an authenticated TLS port, and the call-signaling messages will be encrypted. In addition, the media stream will be encrypted.
Caution The Security Mode setting for Cisco Unity Connection voice messaging ports must match the security mode setting for the Cisco Unified CM ports. Otherwise, Cisco Unified CM authentication and encryption will fail.
The Cisco Unity Connection system clock must be synchronized with the Cisco Unified CM system clock for Cisco Unified CM authentication to function immediately. Otherwise, Cisco Unified CM will reject the Cisco Unity Connection voice messaging ports until the Cisco Unified CM system clock has passed the time stamp in the Cisco Unity Connection device certificates.
Note For requirements and additional information about authentication and encryption with Cisco Unified CM and Cisco Unity Connection, see the “Appendix: Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports” section
Step 15 Repeat Step 12 through Step 14 for all remaining voice messaging ports for the phone system.
Step 16 In the Related Links drop-down list, select Check Telephony Configuration and select Go to confirm the phone system integration settings.
If the test is not successful, the Task Execution Results displays one or more messages with troubleshooting steps. After correcting the problems, test the connection again.
Step 17 In the Task Execution Results window, select Close.
Testing the Integration
To test whether Cisco Unity Connection and the phone system are integrated correctly, do the following procedures in the order listed.
If any of the steps indicate a failure, see the following documentation as applicable:
- The installation guide for the phone system.
- Troubleshooting Guide for Cisco Unity Connection Release 10.x at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/troubleshooting/guide/10xcuctsgx.html.
- The setup information earlier in this guide.
To Set Up the Test Configuration
Step 1 Set up two test extensions (Phone 1 and Phone 2) on the same phone system that Cisco Unity Connection is connected to.
Step 2 Set Phone 1 to forward calls to the Cisco Unity Connection pilot number when calls are not answered.
Caution The phone system must forward calls to the Cisco Unity Connection pilot number in no fewer than four rings. Otherwise, the test may fail.
Step 3 In Cisco Unity Connection Administration, expand Users, then select Users.
Step 4 On the Search Users page, select the display name of a user to use for testing. The extension for this user must be the extension for Phone 1.
Step 5 On the Edit User Basics page, uncheck the Set for Self-enrollment at Next Login check box.
Step 6 In the Voice Name field, record a recorded name for the test user.
Step 8 On the Edit menu, select Message Waiting Indicators.
Step 9 On the Message Waiting Indicators page, select the message waiting indicator. If no message waiting indication is in the table, select Add New.
Step 10 On the Edit Message Waiting Indicator page, enter the following settings.
Step 12 On the Edit menu, select Transfer Rules.
Step 13 On the Transfer Rules page, select the active transfer rule.
Step 14 On the Edit Transfer Rule page, under Transfer Action, select Extension and enter the extension of Phone 1.
Step 15 In the Transfer Type field, select Release to Switch.
Step 17 Minimize the Cisco Unity Connection Administration window.
Do not close the Cisco Unity Connection Administration window because you will use it again in a later procedure.
Step 18 Sign in to the Real-Time Monitoring Tool (RTMT).
Step 19 On the Unity Connection menu, select Port Monitor. The Port Monitor tool appears in the right pane.
Step 20 In the right pane, select Start Polling. The Port Monitor will display which port is handling the calls that you will make.
To Test an External Call with Release Transfer
Step 1 From Phone 2, enter the access code necessary to get an outside line, then enter the number outside callers use to dial directly to Cisco Unity Connection.
Step 2 In the Port Monitor, note which port handles this call.
Step 3 When you hear the opening greeting, enter the extension for Phone 1. Hearing the opening greeting means that the port is configured correctly.
Step 4 Confirm that Phone 1 rings and that you hear a ringback tone on Phone 2. Hearing a ringback tone means that Cisco Unity Connection correctly released the call and transferred it to Phone 1.
Step 5 Leaving Phone 1 unanswered, confirm that the state of the port handling the call changes to “Idle.” This state means that release transfer is successful.
Step 6 Confirm that, after the number of rings that the phone system is set to wait, the call is forwarded to Cisco Unity Connection and that you hear the greeting for the test user. Hearing the greeting means that the phone system forwarded the unanswered call and the call-forward information to Cisco Unity Connection, which correctly interpreted the information.
Step 7 On the Port Monitor, note which port handles this call.
Step 8 Leave a message for the test user and hang up Phone 2.
Step 9 In the Port Monitor, confirm that the state of the port handling the call changes to “Idle.” This state means that the port was successfully released when the call ended.
Step 10 Confirm that the MWI on Phone 1 is activated. The activated MWI means that the phone system and Cisco Unity Connection are successfully integrated for turning on MWIs.
Step 1 From Phone 1, enter the internal pilot number for Cisco Unity Connection.
Step 2 When asked for your password, enter the password for the test user. Hearing the request for your password means that the phone system sent the necessary call information to Cisco Unity Connection, which correctly interpreted the information.
Step 3 Confirm that you hear the recorded name for the test user (if you did not record a name for the test user, you will hear the extension number for Phone 1). Hearing the recorded name means that Cisco Unity Connection correctly identified the user by the extension.
Step 5 After listening to the message, delete the message.
Step 6 Confirm that the MWI on Phone 1 is deactivated. The deactivated MWI means that the phone system and Cisco Unity Connection are successfully integrated for turning off MWIs.
Step 8 On the Port Monitor, confirm that the state of the port handling the call changes to “Idle.” This state means that the port was successfully released when the call ended.
To Set Up Supervised Transfer on Cisco Unity Connection
Step 1 In Cisco Unity Connection Administration, on the Edit Transfer Rule page for the test user, in the Transfer Type field, select Supervise Transfer.
Step 2 In the Rings to Wait For field, enter 3.
Step 4 Minimize the Cisco Unity Connection Administration window.
Do not close the Cisco Unity Connection Administration window because you will use it again in a later procedure.
Step 1 From Phone 2, enter the access code necessary to get an outside line, then enter the number outside callers use to dial directly to Cisco Unity Connection.
Step 2 On the Port Monitor, note which port handles this call.
Step 3 When you hear the opening greeting, enter the extension for Phone 1. Hearing the opening greeting means that the port is configured correctly.
Step 4 Confirm that Phone 1 rings and that you do not hear a ringback tone on Phone 2. Instead, you should hear the indication your phone system uses to mean that the call is on hold (for example, music).
Step 5 Leaving Phone 1 unanswered, confirm that the state of the port handling the call remains “Busy.” This state and hearing an indication that you are on hold mean that Cisco Unity Connection is supervising the transfer.
Step 6 Confirm that, after three rings, you hear the greeting for the test user. Hearing the greeting means that Cisco Unity Connection successfully recalled the supervised-transfer call.
Step 7 During the greeting, hang up Phone 2.
Step 8 On the Port Monitor, confirm that the state of the port handling the call changes to “Idle.” This state means that the port was successfully released when the call ended.
If Cisco Unity Connection is set up for Cisco Unified CM authentication or encryption, do the following procedure.
To Test Cisco Unified CM Authentication and Encryption
Step 1 From Phone 1, dial the internal pilot number for Cisco Unity Connection.
Step 2 Confirm that the authentication icon and/or the encryption icon appear on the LCD of the phone.
Appendix: Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports
A potential point of vulnerability for a Cisco Unity Connection system is the connection between Cisco Unity Connection and Cisco Unified Communications Manager. Possible threats include:
- Man-in-the-middle attacks (a process in which an attacker observes and modifies the information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports)
- Network traffic sniffing (a process in which an attacker uses software to capture phone conversations and signaling information that flow between Cisco Unified CM, the Cisco Unity Connection voice messaging ports, and IP phones that are managed by Cisco Unified CM)
- Modification of call signaling between the Cisco Unity Connection voice messaging ports and Cisco Unified CM
- Modification of the media stream between the Cisco Unity Connection voice messaging ports and the endpoint (for example, a phone or gateway)
- Identity theft of the Cisco Unity Connection voice messaging port (a process in which a non-Cisco Unity Connection device presents itself to Cisco Unified CM as a Cisco Unity Connection voice messaging port)
- Identity theft of the Cisco Unified CM server (a process in which a non-Cisco Unified CM server presents itself to Cisco Unity Connection voice messaging ports as a Cisco Unified CM server)
Cisco Unified CM Security Features
Cisco Unified CM can secure the connection with Cisco Unity Connection against these threats. The Cisco Unified CM security features that Cisco Unity Connection can take advantage of are described in Table 16 .
Authentication and signaling encryption serve as the minimum requirements for media encryption; that is, if the devices do not support signaling encryption and authentication, media encryption cannot occur.
Note Cisco Unified CM authentication and encryption protects only calls to Cisco Unity Connection. Messages recorded on the message store are not protected by the Cisco Unified CM authentication and encryption features.
Functional Overview
The security features (authentication and encryption) between Cisco Unity Connection and Cisco Unified CM require the following:
- A Cisco Unified CM CTL file that lists all Cisco Unified CM servers that are entered in Cisco Unity Connection Administration for secure Cisco Unified CM clusters.
- A Cisco Unity Connection server root certificate for each Cisco Unity Connection server that uses authentication and/or encryption. A root certificate is valid for 20 years from the time it was created.
- Cisco Unity Connection voice messaging port device certificates that are rooted in the Cisco Unity Connection server root certificate and that the voice messaging ports present when registering with the Cisco Unified CM server.
The process of authentication and encryption of Cisco Unity Connection voice messaging ports is as follows:
1. Each Cisco Unity Connection voice messaging port connects to the TFTP server, downloads the CTL file, and extracts the certificates for all Cisco Unified CM servers.
2. Each Cisco Unity Connection voice messaging port establishes a network connection to the Cisco Unified CM TLS port. By default, the TLS port is 2443, though the port number is configurable.
3. Each Cisco Unity Connection voice messaging port establishes a TLS connection to the Cisco Unified CM server, at which time the device certificate is verified and the voice messaging port is authenticated.
4. Each Cisco Unity Connection voice messaging port registers with the Cisco Unified CM server, specifying whether the voice messaging port will also use media encryption.
When a call is made between Cisco Unity Connection and Cisco Unified CM, the call-signaling messages and the media stream are handled in the following manner:
- If both end points are set for encrypted mode, the call-signaling messages and the media stream are encrypted.
- If one end point is set for authenticated mode and the other end point is set for encrypted mode, the call-signaling messages are authenticated. But neither the call-signaling messages nor the media stream are encrypted.
- If one end point is set for non-secure mode and the other end point is set for encrypted mode, neither the call-signaling messages nor the media stream are encrypted.
Requirements
Cisco Unified CM security features for voice messaging ports have the following requirements:
Cisco Unified Communications Manager Server
- A license that enables the applicable number of voice messaging ports.
- Two secure tokens, installed.
- In Cisco Unified CM Administration, on the System > Enterprise Parameters Configuration page, under Security Parameters, the Cluster Security Mode parameter set to 1 (enabled).
For instructions, refer to the “Configuring the Cisco CTL Client” chapter of the Cisco Unified Communications Manager Security Guide at http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_maintenance_guides_list.html.
- In Cisco Unified Serviceability, on the Tools > Control Center - Feature Services page, under CM Services, the Cisco CallManager and Cisco Tftp services restarted.
- A phone security profile with the device security mode set to the same security mode as the Cisco Unified CM ports and the Cisco Unity Connection ports.
- On the Device > Phone > Phone Configuration page for the applicable phones:
– Under Protocol Specific Information, the Device Security Profile field set to the applicable phone security profile.
– Under Certification Authority Proxy Function (CAPF) Information, the Certification Operation field set to Install/Upgrade.
- The Cisco Unified CM ports set to the same security mode as the applicable phones and the Cisco Unity Connection ports.
- The individual (physical) phones with the following settings on the Settings > Security Configuration screen:
– Security Mode set to the same security mode as the Cisco Unified CM ports and the Cisco Unity Connection ports.
Security Mode Settings in Cisco Unity Connection
The Security Mode settings in Cisco Unity Connection Administration determine how the ports handle call-signaling messages and whether encryption of the media stream is possible. Table 17 describes the effect of the Security Mode settings on the Telephony Integrations > Port > Port Basics page for each port.
Disabling and Re-Enabling Security
The authentication and encryption features between Cisco Unity Connection and Cisco Unified CM can be enabled and disabled by changing the Security Mode for Cisco Unified CM to Non Secure, and by changing the applicable settings in the Cisco Unified CM Administration.
Authentication and encryption can be re-enabled by changing the Security Mode to Authenticated or Encrypted.
Settings for Individual Voice Messaging Ports
For troubleshooting purposes, authentication and encryption for Cisco Unity Connection voice messaging ports can be individually enabled and disabled. At all other times, we recommend that the Security Mode setting for all individual voice messaging ports in a Cisco Unified CM port group be the same.
Documentation Conventions
The Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection in Cisco Unified CMBE Release 10.x uses the following conventions.
The Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection in Cisco Unified CMBE Release 10.x also uses the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the document.
Cisco Unity Connection Documentation
For descriptions and URLs of Cisco Unity Connection documentation on Cisco.com, see the Cisco Business Edition Documentation Guide. The document is shipped with Cisco Business Edition and is available at http://www.cisco.com/en/US/products/ps7273/products_documentation_roadmaps_list.html.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Cisco Product Security Overview
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
Further information regarding U.S. export regulations can be found at http://www.access.gpo.gov/bis/ear/ear_data.html.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.