Skip to Content

Cisco 300-820: What SIP Trunk Security Profile Configuration Is Used for Secured SIP Trunk to Expressway Server Integrated with Cisco UCM for Mobile and Remote Access?

By: Author Alex Lim

Posted on

Categories Exam

Learn the correct SIP trunk security profile configuration on Cisco UCM server for a secured SIP trunk to an Expressway server integrated with Cisco UCM for Mobile and Remote Access. Get detailed explanation from Cisco 300-820 certification exam expert.

Table of Contents

Question

Refer to the exhibit. Which SIP trunk security profile configuration on the Cisco UCM server is used for a secured SIP trunk to an Expressway server that is already integrated with the Cisco UCM for Mobile and Remote Access?

Which SIP trunk security profile configuration on the Cisco UCM server is used for a secured SIP trunk to an Expressway server that is already integrated with the Cisco UCM for Mobile and Remote Access?

A. Device Security Mode: Encrypted –
Incoming Transport Type: TLS –
Outgoing Transport Type: TLS –
Incoming Port*: 5061

B. Device Security Mode: Encrypted –
Incoming Transport Type: TLS –
Outgoing Transport Type: TLS –
Incoming Port*: 6061

C. Device Security Mode: Non-Secure
Incoming Transport Type: TCP+UDP
Outgoing Transport Type: TCP –
Incoming Port*: 5060

D. Device Security Mode: Authenticated
Incoming Transport Type: TLS –
Outgoing Transport Type: TLS –
Incoming Port*: 6061

Answer

A. Device Security Mode: Encrypted –
Incoming Transport Type: TLS –
Outgoing Transport Type: TLS –
Incoming Port*: 5061

Explanation

For a secured SIP trunk between Cisco Unified Communications Manager (UCM) and Expressway that is already integrated for Mobile and Remote Access (MRA), the SIP trunk security profile on UCM should be configured as follows:

  • Device Security Mode must be set to “Encrypted” to enable TLS encryption of the SIP signaling.
  • Both the Incoming Transport Type and Outgoing Transport Type need to be “TLS” to use TLS in both directions.
  • The standard TLS port for SIP is 5061, so the Incoming Port should be set to 5061.

The other options are incorrect:

B is wrong because it uses port 6061 instead of the standard 5061.

C is wrong because it uses “Non-Secure” mode and TCP/UDP transport instead of “Encrypted” mode with TLS.

D is close but uses the non-standard port 6061 and “Authenticated” mode instead of “Encrypted”.

So in summary, to properly secure the SIP trunk for Expressway MRA integration, UCM must be configured to use TLS encryption on the standard SIP TLS port 5061 in both directions, as shown in option A.

Cisco 300-820 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Cisco 300-820 exam and earn Cisco 300-820 certification.