Cisco Systems ASA 5585-X Manual De Usuario
16-17
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Task Flow for Configuring the Phone Proxy in a Mixed-mode Cisco UCM Cluster
Note
For mixed-mode clusters, the phone proxy does not support the Cisco Unified Call Manager using TFTP
to send encrypted configuration files to IP phones through the ASA.
to send encrypted configuration files to IP phones through the ASA.
Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:
Step 1
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See
.
Note
Before you create the trustpoints and generate certificates, you must have imported the required
certificates, which are stored on the Cisco UCM. See
certificates, which are stored on the Cisco UCM. See
and
Step 2
Create the CTL file for the phone proxy. See
.
Note
When the phone proxy is being configured to run in mixed-mode clusters, you have the
following option to use an existing CTL file to install the trustpoints. See
following option to use an existing CTL file to install the trustpoints. See
Step 3
Create the TLS proxy instance. See
Step 4
Create the media termination instance for the phone proxy. See
Step 5
Create the phone proxy instance. See
.
Step 6
While configuring the phone proxy instance (in the Phone Proxy Configuration mode), enter the
following command to configure the mode of the cluster to be mixed mode because the default is
nonsecure:
following command to configure the mode of the cluster to be mixed mode because the default is
nonsecure:
hostname(config-phone-proxy)# cluster-mode mixed
Step 7
Enable the phone proxy y with SIP and Skinny inspection. See
.
Creating Trustpoints and Generating Certificates
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file.
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file.
You need to create trustpoints for each Cisco UCM (primary and secondary if a secondary Cisco UCM
is used) and TFTP server in the network. The trustpoints need to be in the CTL file for the phones to
trust the Cisco UCM.
is used) and TFTP server in the network. The trustpoints need to be in the CTL file for the phones to
trust the Cisco UCM.