Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 16: Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Task Flow for Configuring the Phone Proxy in a Mixed-mode Cisco UCM Cluster
Note
For mixed-mode clusters, the phone proxy does not support the Cisco Unified Call Manager using TFTP 
to send encrypted configuration files to IP phones through the ASA.
Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:
Step 1
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and 
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL 
file. See 
Note
Before you create the trustpoints and generate certificates, you must have imported the required 
certificates, which are stored on the Cisco UCM. See 
 and 
Step 2
Create the CTL file for the phone proxy. See 
Note
When the phone proxy is being configured to run in mixed-mode clusters, you have the 
following option to use an existing CTL file to install the trustpoints. Se
Step 3
Create the TLS proxy instance. See 
Step 4
Create the media termination instance for the phone proxy. See 
Step 5
Create the phone proxy instance. See 
Step 6
While configuring the phone proxy instance (in the Phone Proxy Configuration mode), enter the 
following command to set the cluster mode to mixed, because the default is nonsecure:
hostname(config-phone-proxy)# cluster-mode mixed
Step 7
Enable the phone proxy with SIP and Skinny inspection. See 
.
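The following check is an added example, not part of the Cisco guide: it reads an ASA running-config excerpt and reports which of Steps 2 through 7 above are still missing for a phone proxy instance, including the case where cluster-mode mixed is omitted and the instance stays in the nonsecure default. The sample configuration, all object names and the addresses are constructed, and the function names blocks and audit_phone_proxy are hypothetical.

```python
# Constructed running-config excerpt (made-up names); cluster-mode is left out on purpose.
SAMPLE_CONFIG = """\
crypto ca trustpoint cucm_tftp_server
 enrollment self
ctl-file myctl
 record-entry cucm-tftp trustpoint cucm_tftp_server address 192.0.2.26
tls-proxy mytls
 server trust-point internal_PP_myctl
media-termination my_mt
 address 198.51.100.25 interface outside
phone-proxy mypp
 media-termination my_mt
 tftp-server address 192.0.2.26 interface inside
 tls-proxy mytls
 ctl-file myctl
policy-map pp_policy
 class sec_sccp
  inspect skinny phone-proxy mypp
 class sec_sip
  inspect sip phone-proxy mypp
"""

def blocks(config):
    """Map each top-level command to its list of indented sub-commands."""
    out, head = {}, None
    for line in config.splitlines():
        if line and not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head and line.strip():
            out[head].append(line.strip())
    return out

def audit_phone_proxy(config, name):
    """Return the task-flow steps (2 to 7) still missing for phone proxy `name`."""
    cfg = blocks(config)
    body = cfg.get(f"phone-proxy {name}")
    if body is None:
        return ["phone-proxy instance not defined (Step 5)"]
    found = []
    for kind, step in (("ctl-file", 2), ("tls-proxy", 3), ("media-termination", 4)):
        ref = next((l.split()[1] for l in body if l.startswith(kind + " ")), None)
        if ref is None or f"{kind} {ref}" not in cfg:
            found.append(f"{kind} missing or undefined (Step {step})")
    if "cluster-mode mixed" not in body:  # omitted means the nonsecure default
        found.append("cluster-mode mixed not set, default is nonsecure (Step 6)")
    found += [f"{p} inspection not bound to {name} (Step 7)" for p in ("sip", "skinny")
              if f"inspect {p} phone-proxy {name}" not in config]
    return found
```

Calling audit_phone_proxy(SAMPLE_CONFIG, "mypp") flags only Step 6; the Step 1 trustpoints and certificates are not inspected by this check.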
Creating Trustpoints and Generating Certificates
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and 
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL 
file.
You need to create trustpoints for each Cisco UCM (primary and secondary if a secondary Cisco UCM 
is used) and TFTP server in the network. The trustpoints need to be in the CTL file for the phones to 
trust the Cisco UCM.