Cisco Systems ASA 5585-X Manual De Usuario

Only when the phone proxy is running in mixed-mode clusters, you have the option to use an existing 
CTL file to install trustpoints. 

If you have an existing CTL file that contains the correct IP addresses of the entities (namely, the IP 
address that the IP phones use for the Cisco UCM or TFTP servers), you can be use it to create a new 
CTL file thereby using the existing CTL file to install the trustpoints for each entity in the network 
(Cisco UCM, Cisco UCM and TFTP, TFTP server, CAPF) that the IP phones must trust. 

If a CTL file exists for the cluster, copy the CTL file to Flash memory. When you copy the CTL file to 
Flash memory, rename the file and do not name the file 

CTLFile.tlv

.

If you are using domain names for your Cisco UCM and TFTP server, you must configure DNS lookup 
on the ASA. See the prerequisites for 

When using an existing CTL file to configure the phone proxy, you can add additional entries to the file 
as necessary. See 

Once you have configured the CTL file for the phone proxy, create the TLS proxy instance. See 

 to add the TLS proxy when 

configuring the phone proxy in a non-secure mode or see 

 if the phone proxy is running in a mixed-mode cluster. 

Create the TLS proxy instance to handle the encrypted signaling.

hostname(config)# ctl-file ctl_name

ctl-file myctl

Creates the CTL file instance.

hostname(config-ctl-file)# cluster-ctl-file 

hostname(config-ctl-file)# cluster-ctl-file 

disk0:/old_ctlfile.tlv

Uses the trustpoints that are already in the existing 
CTL file stored in Flash memory.

Where the existing CTL file was saved to Flash 
memory with a filename other than

 CTLFile.tlv

; 

for example, 

old_ctlfile.tlv

.