Parameter name
Values
Registration
Policy
Search
rules
Call
Policy
User
Policy
TRAVERSAL_TYPE
TYPE_[UNDEF /
ASSENTSERVER /
ASSENTCLIENT /
H460SERVER /
H460CLIENT /
TURNSERVER /
TURNCLIENT / ICE]
ü
ü
ü
UNAUTHENTICATED_SOURCE_
ALIAS
ü
ü
ü
UTCTIME
ü
ü
ü
ü
ZONE_NAME
ü
ü
ü
Cryptography support
External policy servers should support TLS and AES-256/AES-128/3DES-168.
SHA-1 is required for MAC and Diffie-Hellman / Elliptic Curve Diffie-Hellman key exchange; the VCS does
not support MD5.
Default CPL for policy services
When configuring a policy service, you can specify the
Default CPL
that is used by the VCS if the service is
not available.
The
Default CPL
for registrations and Call Policy defaults to:
<reject status='403' reason='Service Unavailable'/>
and this will reject the request.
The
Default CPL
for policy services used by search rules defaults to:
<reject status='504' reason='Policy Service Unavailable'/>
and this will stop the search via that particular search rule.
This default CPL mean that in the event of a loss of connectivity to the policy server, all call and registration
requests will be rejected. If this is not your required behavior then you are recommended to specify
alternative default CPL.
We recommend that you use unique reason values for each type of service, so that if calls or registrations are
rejected it is clear why and which service is rejecting the request.
Cisco VCS Administrator Guide (X8.1.1)
Page 492 of 507
Reference material
External policy overview