Cisco CUCM Configuration
This topic contains detailed configuration guidelines to enable call recording for Cisco Active:
Step | Reference | Description |
|---|---|---|
1 | Set up Active Recording using the CUCM. | |
2 | Set up Secure Active Recording using the CUCM. | |
3 | Set up Secure JTAPI connection using the CUCM. |
Note
The configuration steps detailed in this Technical Guide:
Cover pre-requisite installation/configuration steps prior to a Uniphore engineer install of the U‑Capture Cisco Active integration, and provide for general Cisco CUCM config updates (if needed).
Should be performed by a suitably qualified Cisco engineer/administrator only. Uniphore recommends this is performed as an assisted/supervised install with a Uniphore engineer, please contact your Uniphore representative to discuss options.
Illustrate use of Cisco admin tools and processes. These are subject to regular changes from Cisco and although the configuration steps covered here will be maintained to ensure the correct process is followed, there may be some differences present.
Active Recording – CUCM Configuration
Most of the configuration required to enable recording using Cisco DMS is performed using the Cisco Unified Communications Manager (CUCM). This section describes the required process to follow, with the following points showing the high-level steps in the configuration process:
Create a Route Group, a Route List and a Route Pattern
Optional config for Recording-Enabled Gateway (CUCM 10.5.x only).
Configuration steps should be carried out by a suitably trained engineer. All configuration details including graphics/screenshots are provided for guidance only.
Create the SIP Trunk and Enable Recording
Create the SIP Trunk
From the drop-down menu at the top right side of the Cisco Unified Operating System Administration page, select Cisco Unified CM Administration and click Go.
Select System > Security > SIP Trunk Security Profile and click Add New.
Enter a Name , change the Outgoing Transport Type to UDP , and click Save.
Select Device > Trunk and click Add New.
For Trunk Type select SIP Trunk , for Device Protocol select SIP , and click Next.
In the Device Name field enter the new Trunk name (e.g., RedBoxTrunk).
For Device Pool select Default.
Scroll down to the SIP Information section. In the Destination Address , enter the IP address of the U‑Capture Collector that will be recording these devices. You should leave the Destination Port as 5060 unless instructed otherwise by the site administrator.
For SIP Trunk Security Profile select Non-Secure SIP Trunk Profile.
For SIP Profile select Standard SIP Profile.
Click Save , and then click Reset.
Additional Requirements for Failover Systems
Enable SIP Options Ping (Optional)
The SIP Options Ping feature can be enabled on the SIP Profile associated with a SIP trunk to dynamically track the state of the trunk's destination(s).
Select Device > Device Settings > SIP Profile and click Standard SIP Profile.
Click on the Copy button.
In the SIP Profile Information section enter a new Name and Description.
Scroll down to the SIP OPTIONS Ping section and tick the Enable Options Ping … box.
Set the intervals as required, but we recommend reducing the Ping Interval for In-service and Partially In-service Trunks to 30 seconds and the Ping Retry Count to 4.
Click Save.
You can now apply this newly created profile to a trunk, as detailed in Create the SIP Trunk.
Create a Route Group
Select Call Routing > Route/Hunt > Route Group and click Add New.
In the Route Group Name field enter a name (e.g., Redbox_RouteGroup).
From the Distribution Algorithm drop-down list select the Top Down option.
Scroll down to the Current Route Group Members.
To change the priority of a device, choose a device name in the Selected Devices list box. Move the device up or down in the list by clicking the arrows on the right side of the list box.
To reverse the priority order of the devices in the Selected Devices list box, click on Reverse Order of Selected Devices.
Click Save.
Create a Route List
Create a Route Pattern
Change System Parameters
Select System > Service Parameters.
From the Server drop-down list select the required server.
From the Service drop-down list select the required service.
Still on the same screen, scroll down to the Clusterwide Parameters (Route Plan) section.
Change the settings for both Stop Routing on Unallocated Number Flag and Stop Routing on User Busy Flag , to False.
Click Save.
Create a Recording Profile
Enable Phones for Recording
Select Device > Phone and click Find to display the list of phones.
Click on the phone that you want to enable for recording.
In the Device Information section, set Built in Bridge to On and Privacy to Off.
Click Save , and do not reset the phone.
In the Association section, click on the Line xxxx you wish to record.
In the Line xxxx section, set the Recording Option to Automatic Call Recording Enabled, and the Recording Profile to the one created earlier (e.g., RedBoxRecordingProfile).
Click Save, then click Reset.
Create the CTI Enabled User
Install TAPI
CUCM 10.5.x – Recording-Enabled Gateway
For CUCM 10.5.x there is an extra recording option using the Recording-Enabled Gateway. To use this option, you must connect your SIP trunk to a Cisco UC ISR G2 router with Cisco IOS Release 15.2(2) T or above.
The SIP trunk on the CUCM must be configured as being connected to a Recording-Enabled Gateway.
Select Device > Trunk and click Find to list the trunks.
Click on the SIP Trunk you want to connect to the recording-enabled gateway to open its Trunk Configuration screen.
Scroll down to the Recording Information section and select This trunk connects to a recording-enabled gateway and click Save.
On the gateway site administrators must configure the WSAPI source address (address of the gateway) and XMF provider (URL of the CUCM).
To view further information about WSAPI and XMF – see References and Supporting Information and follow the link provided.
Secure Active Recording – CUCM Configuration
Secure Active Recording builds on the configuration for Cisco Active Recording – see Active Recording – CUCM Configuration. This section describes the required process to follow, with the following points showing the high-level steps in the configuration process:
Create a SIP Security Profile
To be able to setup a SIP trunk as a secure trunk, a SIP Security Profile must be created. This produces a profile that can be shared across multiple SIP devices in the CUCM. This profile will only be applied to the SIP Trunk for recording.
From the drop-down menu at the top right side of the Cisco Unified Operating System Administration page, select Cisco Unified CM Administration and click Go.
Select System > Security > SIP Trunk Security Profile and click Add New.
Create a new SIP Security Profile with:
Name – Secure SIP Recording
Device Security Mode – Encrypted
Incoming Transport Type – TLS
Ougoing Transport Type – TLS
X.509 Subject Name – RedBoxRecorder
Incoming Port – 5061
Click Save and then click Reset to confirm.
Configure the SIP Trunk for Security
The SIP Trunk must be configured to use the SIP Security Profile and treat calls as secure. When complete, the CUCM will use a secure connection to the Collector and allow encrypted calls to be recorded.
Select Device > Trunk and click on the SIP Trunk configured for recording.
Scroll down the Device Information section and click on the SRTP Allowed tick box.
Scroll down to the SIP Information section and in the Destination Port field enter 5061 and click Save.
Select System > Security > SIP Trunk Security Profile and click Save.
Verification
Start sniffing with Wireshark. Dial the route pattern for the trunk from any Cisco phone registered with the CUCM. This will cause the CUCM to send secure SIP to the Collector.
In Wireshark using the display filter tcp.port == 5061 confirm that SSL protocol is being used between the CUCM and the Collector. Confirm that there is data being exchanged. The data will be encrypted so reading it will not be possible.
Port 5061 is the secure SIP port. If there’s SSL data on it, then the CUCM and the Collector are using secure SIP.
Create a SIP Security Profile
To be able to setup a SIP trunk as a secure trunk, a SIP Security Profile must be created. This produces a profile that can be shared across multiple SIP devices in the CUCM. This profile will only be applied to the SIP Trunk for recording.
From the drop-down menu at the top right side of the Cisco Unified Operating System Administration page, select Cisco Unified CM Administration and click Go.
Select System > Security > SIP Trunk Security Profile and click Add New.
Create a new SIP Security Profile with:
Name – Secure SIP Recording
Device Security Mode – Encrypted
Incoming Transport Type – TLS
Ougoing Transport Type – TLS
X.509 Subject Name – RedBoxRecorder
Incoming Port – 5061
Click Save and then click Reset to confirm.
Verification
Start sniffing with Wireshark. Dial the route pattern for the trunk from any Cisco phone registered with the CUCM. This will cause the CUCM to send secure SIP to the Collector.
In Wireshark using the display filter tcp.port == 5061 confirm that SSL protocol is being used between the CUCM and the Collector. Confirm that there is data being exchanged. The data will be encrypted so reading it will not be possible.
Port 5061 is the secure SIP port. If there’s SSL data on it, then the CUCM and the Collector are using secure SIP.
Configure the SIP Trunk for Security
The SIP Trunk must be configured to use the SIP Security Profile and treat calls as secure. When complete, the CUCM will use a secure connection to the Collector and allow encrypted calls to be recorded.
Select Device > Trunk and click on the SIP Trunk configured for recording.
Scroll down the Device Information section and click on the SRTP Allowed tick box.
Scroll down to the SIP Information section and in the Destination Port field enter 5061 and click Save.
Select System > Security > SIP Trunk Security Profile and click Save.
Cisco Secure JTAPI – CUCM Config
Note
These steps should be performed by a suitably qualified Cisco engineer/administrator only. Uniphore recommends this is performed as an assisted/supervised install with a Uniphore engineer, please contact your Uniphore representative to discuss options.
Complete the Installation/Configuration
As stated previously, the configuration steps detailed in this guide are intended to provide pre-requisite installation/configuration steps prior to a Uniphore engineer install of the Cisco Active recording integration. In order to complete the Cisco integration, please contact your Uniphore representative to arrange an engineer installation to complete the process.