Cisco Systems ASA 5580 User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 16: Configuring the Cisco Phone Proxy
Prerequisites for the Phone Proxy

If NAT is configured for the TFTP server or Cisco UCMs, the translated “global” address must be used in the ACLs.

Table 16-1 lists the ports that are required to be configured on the existing firewall:

Note: All these ports are configurable on the Cisco UCM, except for TFTP. The values listed are the defaults and should be changed on the firewall if they are changed on the Cisco UCM. For example, 3804 is the default port for the CAPF Service; if that port is modified on the Cisco UCM, modify it here as well.

NAT and PAT Prerequisites

NAT Prerequisites

If NAT is configured for the TFTP server, NAT must be configured before the tftp-server command is configured under the phone proxy.

If NAT is configured for the TFTP server or Cisco UCMs, the translated “global” address must be used in the ACLs.

PAT Prerequisites

When the Skinny inspection global port is configured to use a non-default port, then you must configure the nonsecure port as the global_sccp_port+443.

Therefore, if global_sccp_port is 7000, then the global secure SCCP port is 7443. Reconfiguring the port might be necessary when the phone proxy deployment has more than one Cisco UCM and they must share the interface IP address or a global IP address.

! use the default ports for the first CUCM
object network obj-10.0.0.1-01
 host 10.0.0.1
 nat (inside,outside) static interface service tcp 2000 2000
object network obj-10.0.0.1-02
 host 10.0.0.1
 nat (inside,outside) static interface service tcp 2443 2443
! use non-default ports for the 2nd CUCM
object network obj-10.0.0.2-01
 host 10.0.0.2
 nat (inside,outside) static interface service tcp 2000 7000
object network obj-10.0.0.2-02

Table 16-1   Port Configuration Requirements

Address                       Port         Protocol   Description
Media Termination             1024-65535   UDP        Allow incoming SRTP
TFTP Server                   69           UDP        Allow incoming TFTP
Cisco UCM                     2443         TCP        Allow incoming secure SCCP
Cisco UCM                     5061         TCP        Allow incoming secure SIP
CAPF Service (on Cisco UCM)   3804         TCP        Allow CAPF service for LSC provisioning
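
The PAT prerequisite above (secure SCCP port = global_sccp_port + 443, with several Cisco UCMs sharing one interface address) can be checked mechanically before a change is pushed. The following Python check is an added example, not part of the Cisco guide; the function names are hypothetical, and it assumes only the `static interface service tcp` form of the `nat` command shown in this section.

```python
import re
from collections import defaultdict

SCCP, SECURE_SCCP, OFFSET = 2000, 2443, 443  # defaults and offset from the guide
HOST_RE = re.compile(r"^\s*host (\S+)\s*$")
NAT_RE = re.compile(r"^\s*nat \(\S+\) static interface service tcp (\d+) (\d+)\s*$")

def parse_static_pat(config):
    """Return {host_ip: {real_port: mapped_port}} from object network blocks."""
    mappings, host = defaultdict(dict), None
    for line in config.splitlines():
        if line.lstrip().startswith("object network"):
            host = None                      # new object: host not known yet
        elif (m := HOST_RE.match(line)):
            host = m.group(1)
        elif (m := NAT_RE.match(line)) and host:
            mappings[host][int(m.group(1))] = int(m.group(2))
    return dict(mappings)

def check_phone_proxy_pat(config):
    """Report port clashes and breaks of the secure = nonsecure + 443 rule."""
    findings, used = [], {}
    for host, ports in sorted(parse_static_pat(config).items()):
        for mapped in ports.values():
            # Two CUCMs behind one interface address cannot share a mapped port.
            if used.setdefault(mapped, host) != host:
                findings.append(f"{host}: mapped port {mapped} already used by {used[mapped]}")
        if SCCP in ports:
            want, got = ports[SCCP] + OFFSET, ports.get(SECURE_SCCP)
            if got != want:
                findings.append(f"{host}: secure SCCP port mapped to {got or 'nothing'}, expected {want}")
    return findings

# Configuration lines visible in this section; the second CUCM's secure-port
# object is cut off there, so the check reports it as missing.
PAGE_CONFIG = """\
object network obj-10.0.0.1-01
 host 10.0.0.1
 nat (inside,outside) static interface service tcp 2000 2000
object network obj-10.0.0.1-02
 host 10.0.0.1
 nat (inside,outside) static interface service tcp 2443 2443
object network obj-10.0.0.2-01
 host 10.0.0.2
 nat (inside,outside) static interface service tcp 2000 7000
object network obj-10.0.0.2-02
"""

if __name__ == "__main__":
    print("\n".join(check_phone_proxy_pat(PAGE_CONFIG)))
```

An empty result means every Cisco UCM that publishes a nonsecure SCCP port also publishes the matching secure port and no two servers collide on the shared address.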