Cisco Systems ATA 186 Using Encryption With the cfgfmt Tool, Command Example, Command Output

Chapter 3 Configuring the Cisco ATA for MGCP

Configuring the Cisco ATA Using a TFTP Server

The following command and output show an example of this command.

Command Example

atapname.exe 10.20.30.40.50.60

Command Output

ata0a141e28323c

Note The same functionality is available from the voice configuration menu (voice menu code 84#), which will announce the Cisco ATA profile name.

Using Encryption With the cfgfmt Tool

The EncryptKey or EncryptKeyEx parameter can be used to encrypt binary files that are transferred over TFTP. You can change encryption keys for each Cisco ATA so that only one specific Cisco ATA can decode the information.

Cisco strongly recommends using the EncryptKeyEx parameter for encryption because this parameter provides a stronger encryption than the EncryptKey parameter that was used in Cisco ATA software releases prior to release 2.16.

You must use version 2.3 of the cfgfmt configuration-file generation tool to use the new EncryptKeyEx parameter. This tools comes bundled with Cisco ATA software version 3.0. To verify that you have version 2.3 of the cfgfmt tool type the following command:

cfgfmt

The version number of the cfgfmt tool will be returned.

You can configure the EncryptKeyEx parameter by using the Cisco ATA Web configuration page or by using the TFTP configuration method. (For more information, see the “EncryptKeyEx” section on page 5-7.)

You can configure the EncryptKey parameter by using the Cisco ATA Web configuration page, the voice configuration menu, or by using the TFTP configuration method. (For more information, see the “EncryptKey” section on page 5-6.)

By default, the Cisco ATA-specific ata<macaddress> configuration file(s) are not encrypted. If encryption is required, however, you must manually configure the EncryptKeyEx or EncryptKey parameter before you boot up the Cisco ATA so that the TFTP method is secure. The Cisco ATA uses the RC4 cipher algorithm for encryption.

Note Because the factory-fresh ATA cannot accept encrypted configuration files, the first unencrypted file, if intercepted, can easily be read. (You would still have to know the data structure format in order to decode the binary information from the unencrypted file.) Therefore, the new encryption key in the unencrypted file can be compromised.

Note For security reasons, Cisco recommends that you set the UIPassword parameter (if desired) in the configuration file and not by using one of the manual configuration methods.

Cisco ATA 186 and Cisco ATA 188 Analog Telephone Adaptor Administrator’s Guide for MGCP (version 3.0)