The IPSec subsystem is configured during system startup using Telephony Control Server Assistant to configure IPSec rules and profiles.
IPsec-based connections can be created for the following device types:
OAM&P servers, such as:
Common Management Portal
External Telephony Control Server Assistant server
Peer servers, such as:
Telephony Application Server server
Lotus Sametime ComAssistant server
External Media Server (MGCP signaling interface)
When provisioning IPsec for a device, the following prerequisites must be created:
An IPsec profile that describes the IPsec action being performed (Encryption, Authentication or Bypass)
An IKE profile that describes the parameters used to negotiate between the Lotus Sametime Unified Telephony and the remote endpoint
A single IPsec or IKE profile can be shared across multiple devices of different types. It is expected that a few such profiles should be sufficient to describe the required IPsec connectivity for all IPsec-based endpoints.
In addition to the profiles, a pre-shared key is also required and must be specified when assigning an IPsec profile to a device. This key forms the basis for negotiating IPsec connections between the Lotus Sametime Unified Telephony and the endpoint.
Parent topic: IPSec (Internet Protocol Security)