Cisco Systems ASA 5580 User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 15: Using the Cisco Unified Communication Wizard
Configuring the Phone Proxy by using the Unified Communication Wizard
Step 2
Specify each entity in the network (all Cisco UCM and TFTP servers) that the IP phones must trust. Click 
Add to add the servers. See 
To modify the configuration of a server already added to the configuration, select the server in the table 
and click Edit. The Edit Server dialog appears. See 
At least one Cisco UCM and at least one TFTP server must be configured for the phone proxy.
Step 3
Specify the security mode of the Cisco UCM cluster by clicking one of the following options in the 
Unified CM Cluster Mode field:
Non-secure—Specifies the cluster to be in nonsecure mode when configuring the Phone Proxy feature.
Mixed—Specifies the cluster to be in mixed mode when configuring the Phone Proxy feature.
If you selected the Mixed security mode, the Generate and Export LDC Certificate button becomes 
available. 
Step 4
For a Mixed security mode only, configure local dynamic certificates (LDC) for the IP phones by 
performing the following steps:
a. Click the Generate and Export LDC Certificate button. A dialog box appears stating “Enrollment succeeded,” which indicates that the LDC was generated.
b. Click OK to close the Enrollment Status dialog box. The Export certificate dialog box appears.
c. In the Export to File field, enter the file name and path for the LDC or click browse to locate and select an existing file.
d. Click the Export Certificate button. A dialog box appears indicating that the file was exported successfully.
e. Click OK to close the dialog box. A dialog box appears reminding you to install the LDC on the Cisco UCMs.
f. Click OK to close the dialog box.
Once configured, the ASA presents this unique, dynamically-created certificate to the Cisco UCM on behalf of the IP phones.
Step 5
Click Next.
Configuring Servers for the Phone Proxy
The values that you specify in this page generate address translation settings, access list entries, 
trustpoints, and the corresponding CTL file entries for each server. 
You must add a server for each entity in the network that the IP phones must trust. These servers include 
all Cisco UCM servers in the cluster and all the TFTP servers. 
You must add at least one TFTP server and at least one Cisco UCM server for the phone proxy. You can 
configure up to five TFTP servers for the phone proxy. The TFTP server is assumed to be behind the 
firewall on the trusted network; therefore, the phone proxy intercepts the requests between the IP phones 
and TFTP server.
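Because each server added on this page fans out into address translation, access list, and object entries, it is useful to be able to list every line of a saved configuration that is tied to one server address, for example when reviewing what remains after a server is removed. The following Python sketch is an added example, not part of the Cisco guide or ASDM; the configuration excerpt is constructed in ASA running-config style, and the object names, ACL name, and addresses are assumptions.

```python
import ipaddress

# Constructed excerpt in ASA running-config style (assumed names and addresses).
SAMPLE_CONFIG = """\
object network obj-tftp-1
 host 192.0.2.10
 nat (inside,outside) static 198.51.100.10
object network obj-ucm-1
 host 192.0.2.20
object-group network pp-servers
 network-object object obj-tftp-1
 network-object object obj-ucm-1
access-list pp-in extended permit udp any host 192.0.2.10 eq tftp
access-list pp-in extended permit udp any host 192.0.2.100 eq tftp
access-list pp-in extended permit tcp any object obj-ucm-1 eq 2443
"""

def parse_blocks(config):
    """Group each top-level line with the indented lines beneath it."""
    blocks = []
    for number, line in enumerate(config.splitlines(), 1):
        if not line.strip():
            continue
        if line[0].isspace() and blocks:
            blocks[-1].append((number, line))
        else:
            blocks.append([(number, line)])
    return blocks

def is_object_for(block, ip):
    """True if the block is 'object network NAME' containing 'host <ip>'."""
    head = block[0][1].split()
    return head[:2] == ["object", "network"] and any(
        text.split() == ["host", ip] for _, text in block[1:])

def references_to(config, server_ip):
    """Return (line_number, text) for every line tied to server_ip."""
    ip = str(ipaddress.ip_address(server_ip))  # rejects malformed input
    blocks = parse_blocks(config)
    names = {b[0][1].split()[-1] for b in blocks if is_object_for(b, ip)}
    hits = []
    for block in blocks:
        owned = is_object_for(block, ip)
        for number, text in block:
            tokens = set(text.split())
            # Whole-token match, so 192.0.2.10 does not match 192.0.2.100.
            if owned or ip in tokens or names & tokens:
                hits.append((number, text.strip()))
    return hits
```

Calling `references_to(SAMPLE_CONFIG, "192.0.2.10")` returns the object definition, its NAT line, the object-group member, and the ACL entry for that address, which is the set of lines to review by hand.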
Note
When you delete a TFTP server from the Server list in Step 2 of the wizard, ASDM deletes only the 
TFTP server IP address from the configuration and does not remove from the configuration all the ACLs, 
NAT statements, object groups, etc. attached to the TFTP server. To remove those attached configuration