Cisco Systems ASA 5580 Manual De Usuario
16-38
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Troubleshooting the Phone Proxy
Make sure that each media-termination instance is created correctly and that the address or addresses are
set correctly. The ASA must meet specific criteria for media termination. See
set correctly. The ASA must meet specific criteria for media termination. See
for the complete list of prerequisites that you must follow when
creating the media termination instance and configuring the media termination addresses.
IP Phone Registration Failure from Signaling Connections
Problem
The IP phone is unable to complete the TLS handshake with the phone proxy and download its
files using TFTP.
Solution
Step 1
Determine if the TLS handshake is occurring between the phone proxy and the IP phone, perform the
following:
following:
a.
Enable logging with the following command:
hostname(config)# logging buffered debugging
b.
To check the output from the syslogs captured by the logging buffered command, enter the
following command:
following command:
hostname# show logging
The syslogs will contain information showing when the IP phone is attempting the TLS handshake,
which happens after the IP phone downloads its configuration file.
which happens after the IP phone downloads its configuration file.
Step 2
Determine if the TLS proxy is configured correctly for the phone proxy:
a.
Display all currently running TLS proxy configurations by entering the following command:
hostname# show running-config tls-proxy
tls-proxy proxy
server trust-point _internal_PP_<ctl_file_instance_name>
client ldc issuer ldc_signer
client ldc key-pair phone_common
no client cipher-suite
hostname#
b.
Verify that the output contains the server trust-point command under the tls-proxy command (as
shown in substep
shown in substep
).
If you are missing the server trust-point command, modify the TLS proxy in the phone proxy
configuration.
configuration.
See Step 3 in the
.
Having this command missing from the TLS proxy configuration for the phone proxy will cause
TLS handshake failure.
TLS handshake failure.
Step 3
Verify that all required certificates are imported into the ASA so that the TLS handshake will succeed.
a.
Determine which certificates are installed on the ASA by entering the following command:
hostname# show running-config crypto
Additionally, determine which certificates are installed on the IP phones. See
for information about checking the IP phone to determine
if it has MIC installed on it.