Use the ip-network-region<region number> command to administer signaling encryption. Communication Manager handles signaling encryption on a per ip network region basis. Choose from the following values when you administer the Allowed Security Profiles for an ip network region (see Figure : 3).
Procedure
challenge (default) — provides no H.232 signaling link encryption
If a DMCC endpoint is registered to an ip network region that has challenge security profile selected, it means that no H.323 signaling link encryption is provided. The challenge setting is the default for all ip-network regions in Communication Manager.
pin-eke — provides H.323 signaling link encryption
any-auth — provides either pin-eke or challenge
If a DMCC endpoint is registered to an ip network region that has any-auth or pin-eke selected, it means that H.323 signaling link encryption is provided.
The AE Server does not provide an administrative capability for either enabling or disabling encryption for DMCC Service endpoints. The only administrative interface for enabling or disabling signaling encryption is Communication Manager ip-network region administration.
Note:
Using encryption can reduce the H.323 signaling capacity by 15%.
