Cisco CCIE Collaboration Exam 400-051: SIP Trunk Security Profile Configuration

Which settings to configure on SIP Trunk Security Profile for IM & Presence Service SIP Trunk? (Choose two.)

Prev Question Next Question

Question

Which two settings should be configured on the SIP Trunk Security Profile for the IM & Presence Service SIP Trunk? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AB.

Configure SIP Trunk Security Profile for IM and Presence Service Procedure -

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Choose Cisco Unified CM Administration > System > Security > SIP Trunk Security Profile. Click Find. Click Non Secure SIP Trunk Profile. Click Copy and enter CUP Trunk in the Name field. Verify that the setting for Device Security Mode is Non Secure. Verify that the setting for Incoming Transport Type is TCP+UDP. Verify that the setting for Outgoing Transport Type is TCP. Check to enable these items: * Accept Presence Subscription © Accept Out-of Dialog REFER © Accept Unsolicited Notification * Accept Replaces Header Click Save.

References: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/configAdminGuide/9_0/CUP0_BK_CFF5B189_00_config-admin-guide-imp- 90/CUP0_BK_CFF5B189_00_config-admin-guide-imp-90_chapter_0101.html.

The SIP Trunk Security Profile is a configuration object in Cisco Unified Communications Manager that specifies security-related settings for SIP trunks. When configuring a SIP trunk for the IM & Presence Service (IM&P), two settings that should be configured on the SIP Trunk Security Profile are:

A. Check to enable Accept Presence Subscription: This setting allows the IM&P server to subscribe to presence updates from other Unified Communications Manager clusters or endpoints over the SIP trunk. Enabling this option is required for the IM&P server to receive presence updates, which is essential for the presence functionality to work correctly.

B. Verify that the setting for Incoming Transport Type is TCP+UDP: This setting determines the transport protocol used for incoming SIP messages from the IM&P server to Unified Communications Manager. By default, SIP trunks in Unified Communications Manager use TCP as the incoming transport protocol. However, the IM&P server supports both TCP and UDP for SIP messages, so it is recommended to configure the Incoming Transport Type as TCP+UDP to ensure proper communication between the two systems.

C. Configure Device Security Mode to Encrypted: This setting specifies the level of security for the SIP trunk. Selecting "Encrypted" means that all signaling and media traffic is encrypted using Transport Layer Security (TLS). This setting is important for secure communication between the IM&P server and Unified Communications Manager.

D. Check to enable Enable Application Level Authorization: This option provides an additional layer of security by requiring that the SIP trunk authenticate the source of each SIP message before processing it. Enabling this option helps protect against SIP message manipulation, spoofing, and unauthorized access.

E. Configure the Outgoing Transport Type to TLS: This setting determines the transport protocol used for outgoing SIP messages from Unified Communications Manager to the IM&P server. By default, SIP trunks in Unified Communications Manager use TCP as the outgoing transport protocol. However, it is recommended to configure the Outgoing Transport Type as TLS to ensure secure communication between the two systems.

In summary, to configure the SIP Trunk Security Profile for the IM&P service, it is essential to enable Accept Presence Subscription, configure Incoming Transport Type as TCP+UDP, and optionally configure Device Security Mode to Encrypted and Enable Application Level Authorization. Additionally, it is recommended to configure Outgoing Transport Type as TLS for enhanced security.

Prev Question Next Question