Cisco Systems ASA 5585-X Manual De Usuario
16-46
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuration Examples for the Phone Proxy
Example 2: Mixed-mode Cisco UCM cluster, Cisco UCM and TFTP Server on
Publisher
Publisher
shows an example of the configuration for a mixed-mode Cisco UCM cluster using the
following topology.
Figure 16-3
Mixed-mode Cisco UCM cluster, Cisco UCM and TFTP Server on Publisher
object network obj-192.0.2.101
host 192.0.2.101
nat (inside,outside) static 10.10.0.26
access-list pp extended permit udp any host 10.10.0.26 eq 69
access-group pp in interface outside
crypto key generate rsa label cucmtftp_kp modulus 1024
crypto ca trustpoint cucm_tftp_server
enrollment self
keypair cucmtftp_kp
crypto ca enroll cucm_tftp_server
ctl-file myctl
record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
no shutdown
crypto key generate rsa label ldc_signer_key modulus 1024
crypto key generate rsa label phone_common modulus 1024
crypto ca trustpoint ldc_server
enrollment self
proxy_ldc_issuer
fqdn my-ldc-ca.exmaple.com
subject-name cn=FW_LDC_SIGNER_172_23_45_200
keypair ldc_signer_key
crypto ca enroll ldc_server
tls-proxy my_proxy
server trust-point _internal_PP_myctl
client ldc issuer ldc_server
client ldc keypair phone_common
client cipher-suite aes128-sha1 aes256-sha1
media-termination my_mediaterm
address 192.0.2.25 interface inside
271632
IP
IP
IP
IP
Internet
Phone A
192.0.2.16
Comcast Address
98.208.49.30
Comcast Address
69.181.112.219
Cisco UCM cluster is in
nonsecure mode
ASA Outside Interface
10.10.0.24
ASA Inside Interface
192.0.2.1
M
Cisco UCM+TFTP
192.0.2.101
Corporate Network
Home Router
w/NAT
Home Router
w/NAT