-
Cisco Unified CallManager Security Guide, Release 5.0(4)
-
Index
-
Preface
-
Security Overview (Revised 10/2/2006)
-
Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
-
Configuring the Cisco CTL Client
-
Phone Security Overview (Revised 10/2/2006)
-
Configuring a Phone Security Profile
-
Using the Certificate Authority Proxy Function (Revised 10/2/2006)
-
Configuring Encrypted Phone Configuration Files (Revised 10/2/2006)
-
Configuring Digest Authentication for the SIP Phone
-
Phone Hardening
-
Configuring Voice Messaging Ports for Security
-
Configuring Authentication and Encryption for CTI, JTAPI, and TAPI (Revised 9/26/2006)
-
Configuring a Secure Survivable Remote Site Telephony (SRST) Reference
-
Configuring Encryption for Gateways and Trunks
-
Configuring a SIP Trunk Security Profile
-
Configuring Digest Authentication for the SIP Trunk
-
Feedback
Table Of Contents
Configuring Digest Authentication for the SIP Phone
SIP Phone Digest Authentication Configuration Checklist
Configuring Digest Authentication Service Parameters
Configuring Digest Credentials in the End User Configuration Window
End User Digest Credential Configuration Settings
Configuring the Digest User in the Phone Configuration Window
Where to Find More Information
Configuring Digest Authentication for the SIP Phone
When you configure digest authentication for SIP phones, Cisco Unified CallManager challenges the identity of the phone every time that the phone sends a SIP request to Cisco Unified CallManager. For additional information on how digest authentication works for SIP phones, see the "Digest Authentication" section on page 1-16.
For information about configuring digest authentication for non-Cisco SIP phones, refer to Appendix C in the Cisco Unified CallManager Administration Guide.
This chapter contains information on the following topics:
•
SIP Phone Digest Authentication Configuration Checklist
•
•
•
•
•
SIP Phone Digest Authentication Configuration Checklist
Table 8-1 describes the tasks to configure digest authentication for SIP phones.
Table 8-1 SIP Phone Digest Authentication Configuration Checklist
Step 1
Configure the SIP phone security profiles; make sure that you check the Enable Digest Authentication check box.
Step 2
Apply a SIP phone security profile to the phone.
Step 3
If you want to update the default setting, configure service parameters that are related to digest authentication; for example, configure the SIP Station Realm service parameter.
Step 4
Configure the digest credentials in the End User Configuration window.
•
Step 5
Choose the Digest User in the Phone Configuration window.
Choosing a digest user for a Cisco Unified SIP IP Phone models 7970, 7971, 7961G/41G, 7961GE/41GE, and 7911 ensures that the digest credentials get included in the phone configuration file.
Configuring the Digest User in the Phone Configuration Window
Step 6
On the Cisco Unified SIP IP Phone models 7940 or 7960, enter the digest credentials that you configured in the End User Configuration window.
The Cisco Unified CallManager Security Guide does not provide information on how to enter the digest authentication credentials on the phone. For information on how to perform this task, refer to the Cisco Unified IP Phone administration guide that supports your phone model and this version of Cisco Unified CallManager.
Configuring Digest Authentication Service Parameters
The SIP Realm Station service parameter, which supports the Cisco CallManager service, specifies the string that is used in the realm field when Cisco Unified CallManager challenges a SIP phone in response to a 401 Unauthorized message. For additional information on the parameter, click the question mark or the parameter name link that displays in the Service Parameter Configuration window.
To update digest authentication service parameters, for example, the SIP Realm Station parameter, perform the following procedure:
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Additional Information
See the "Related Topics" section.
Configuring Digest Credentials in the End User Configuration Window
The following procedure assumes that the end user exists in the Cisco Unified CallManager database. To configure digest credentials for the end user, perform the following procedure:
Procedure
Step 1
Step 2
Step 3
Step 4
Additional Steps
After you configure digest credentials in the End User Configuration window, choose the digest user for the phone by accessing the Phone Configuration window in Cisco Unified CallManager Administration.
After you choose the digest user, enter the digest authentication credentials that you get from the End User Configuration window on the Cisco Unified SIP IP Phone 7960 or 7940.
Additional Information
See the "Related Topics" section.
End User Digest Credential Configuration Settings
Table 8-2 describes the settings for the digest credential settings in the End User Configuration window in Cisco Unified CallManager Administration. For related procedures, see the "Configuring the Digest User in the Phone Configuration Window" section.
Configuring the Digest User in the Phone Configuration Window
To associate a digest user with a phone, perform the following procedure:
Procedure
Step 1
Step 2
Step 3
Step 4
After you associate the end user with the phone, save the configuration and reset the phone, Cisco Unified CallManager challenges all SIP requests from the phone; Cisco Unified CallManager uses the digest credentials for the end user, as configured in the End User Configuration window, to validate the credentials that the phone offers.
If the phone supports extension mobility, then Cisco Unified CallManager uses the digest credentials for the extension mobility end user, as configured in the End User Configuration window, when the extension mobility user logs in.
Additional Information
See the "Related Topics" section.
Where to Find More Information
Related Topics
•
•
•
•
•
•
•
Related Cisco Documentation
Cisco Unified IP Phone administration guide that supports your phone model and this version of Cisco Unified CallManager