178
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Unified Communications on Cisco Integrated Services Routers
Voice Security
Packet Voice Data Module
The Next-Generation Packet Voice Data Module (PVDM3) digital signal processor (DSP) modules
provide up to four times the density (per slot) of existing audio applications on Cisco voice gateway
routers. One universal DSP image for these DSP modules provides resources for time-division
multiplexing-to-Internet Protocol (TDM-to-IP) gateway functionality for digital and analog interfaces,
audio transcoding, and audio conferencing.
This enhanced DSP architecture accommodates a new packet-processing engine for rich-media voice
applications and supports the TDM voice framework used by the PVDM2 module. The PDVM3 has a
Gigabit Ethernet interface with a Multi-Gigabit Fabric to increase IP throughput, and a DSP
hardware-based health monitor provides DSP failure detection that is ten times faster than existing
technology.
To configure PVDM3 features, see the “Configuring Next-Generation High-Density PVDM3 Modules”
section on page 185.
Voice Security
The Cisco 3900 series and Cisco 2900 series ISRs support the following voice security services:
• UC Trusted Firewall, page 178
• Signaling and Media Authentication and Encryption, page 179
• Virtual Route Forward, page 179
UC Trusted Firewall
Cisco Unified Communications Trusted Firewall Control pushes intelligent services onto the network
through a Trusted Relay Point (TRP). Firewall traversal is accomplished using Simple Session Traversal
Utilities for NAT (STUN) on a TRP co-located with a Cisco Unified Communications Manager Express
(Cisco Unified CME), Cisco Unified Border Element (CUBE), Media Termination Point (MTP),
Transcoder, or Conference Bridge.
Firewall traversal for Unified Communications is often a difficult problem. Voice over IP (VoIP)
protocols use many ports for a single communication session and most of these ports (those used for
media, H.245 and so forth) are ephemeral. It is not possible to configure static rules for such ports, as
they fall in a large range. Cisco Unified Trusted Firewall opens ports dynamically based on the
conversation of trusted end-points.
By using UC Trusted Firewall in the network, following things can be achieved:
• Firewall can be made independent of protocol, because only TRP, which is controlled by Call
Control needs to be enhanced for various protocols. Firewall does not need to change.
• Increase firewall performance while opening firewall ports in the media path dynamically when a
VoIP call is made between two endpoints.
• Simplify the firewall policy configuration and integration of firewall policy generation with call
control.
• Provide a solution without compromising on network security.
To configure UC Trusted Firewall features, see Cisco Unified Communications Trusted Firewall Control
at:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/feature/guide/TrustedFirewallControll.html.
To Next Page
Loading...
