Cisco Systems ASA 5580 Manual De Usuario
16-14
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
–
Two SIP IP phones: both in non-secure mode
Two SCCP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, both in encrypted mode
authenticated mode, both in encrypted mode
–
Two SIP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, both in encrypted mode
authenticated mode, both in encrypted mode
Two SCCP IP phones: both in non-secure mode
This limitation results from the way the application-redirect rules (rules that convert TLS to TCP)
are created for the IP phones.
are created for the IP phones.
Media Termination Address Guidelines and Limitations
The phone proxy has the following limitations relating to configuring the media-termination address:
•
When configuring the media-termination address, the phone proxy does not support having internal
IP phones (IP phones on the inside network) being on a different network interface from the Cisco
UCM unless the IP phones are forced to use the non-secure Security mode.
IP phones (IP phones on the inside network) being on a different network interface from the Cisco
UCM unless the IP phones are forced to use the non-secure Security mode.
When internal IP phones are on a different network interface than the Cisco UCM, the IP phones
signalling sessions still go through ASA; however, the IP phone traffic does not go through the
phone proxy. Therefore, Cisco recommends that you deploy internal IP phones on the same network
interface as the Cisco UMC.
signalling sessions still go through ASA; however, the IP phone traffic does not go through the
phone proxy. Therefore, Cisco recommends that you deploy internal IP phones on the same network
interface as the Cisco UMC.
If the Cisco UMC and the internal IP phones must be on different network interfaces, you must add
routes for the internal IP phones to access the network interface of the media-termination address
where Cisco UMC resides.
routes for the internal IP phones to access the network interface of the media-termination address
where Cisco UMC resides.
When the phone proxy is configured to use a global media-termination address, all IP phones see
the same global address, which is a public routable address.
the same global address, which is a public routable address.
•
If you decide to configure a media-termination address on interfaces (rather than using a global
interface), you must configure a media-termination address on at least two interfaces (the inside and
an outside interface) before applying the phone-proxy service policy. Otherwise, you will receive an
error message when enabling the Phone Proxy with SIP and Skinny Inspection.
interface), you must configure a media-termination address on at least two interfaces (the inside and
an outside interface) before applying the phone-proxy service policy. Otherwise, you will receive an
error message when enabling the Phone Proxy with SIP and Skinny Inspection.
•
The phone proxy can use only one type of media termination instance at a time; for example, you
can configure a global media-termination address for all interfaces or configure a media-termination
address for different interfaces. However, you cannot use a global media-termination address and
media-termination addresses configured for each interface at the same time.
can configure a global media-termination address for all interfaces or configure a media-termination
address for different interfaces. However, you cannot use a global media-termination address and
media-termination addresses configured for each interface at the same time.
Configuring the Phone Proxy
This section includes the following topics:
•
•
•
•
•
•
•