Cisco Systems and the ASA Services Module Manual De Usuario
15-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 15 Using the Cisco Unified Communication Wizard
Configuring the Phone Proxy by using the Unified Communication Wizard
See also the Cisco Unified Communications Manager Security Guide for information on Using the
Certificate Authority Proxy Function (CAPF) to install a locally significant certificate (LSC).
Certificate Authority Proxy Function (CAPF) to install a locally significant certificate (LSC).
If your network includes Cisco IP Communicators (CIPC) or you have LSC enabled IP phones, you must
import the CAPF certificate from the Cisco UCM. The certificate will be used to generate the LSC on
the IP phones.
import the CAPF certificate from the Cisco UCM. The certificate will be used to generate the LSC on
the IP phones.
If the Cisco UCM has more than one CAPF certificate, you must import all of them to the ASA. However,
the wizard supports configuring only one CAPF certificate, which is the default. To import more than
one CAPF certificate, go to Configuration > Device Management > Certificate Management > Identity
Certificates.
the wizard supports configuring only one CAPF certificate, which is the default. To import more than
one CAPF certificate, go to Configuration > Device Management > Certificate Management > Identity
Certificates.
You can configure LSC provisioning for additional end-user authentication. See the Cisco Unified
Communications Manager configuration guide for information.
Communications Manager configuration guide for information.
Step 1
Check the Enable Certificate Authority Proxy Function check box. The remaining fields in the page
become available.
become available.
Step 2
Enter the private IP address of the LSC provider.
Step 3
In the Public Address field, specify whether to use the IP address of the ASA public interface or enter
an IP address.
an IP address.
Specifying the private and public IP addresses for the LSC provider, creates an access list entry that
allows the IP phones to contact the Cisco UCM by opening the CAPF port for LSC provisioning.
allows the IP phones to contact the Cisco UCM by opening the CAPF port for LSC provisioning.
Step 4
In the Translation Type field, select the Address only or Address and ports radio button.
The IP phones must contact the CAPF service on the Cisco UCM. The address translation type (Address
only versus Address and ports) you select for CAPF must match the address translation type of the Cisco
UCM on which the CAPF service is running. You set the address translation type for that Cisco UCM
server in the previous step of this wizard (see
only versus Address and ports) you select for CAPF must match the address translation type of the Cisco
UCM on which the CAPF service is running. You set the address translation type for that Cisco UCM
server in the previous step of this wizard (see
),
By default, the CAPF Service uses port 3804. Modify this default value only when it is modified on the
Cisco UCM.
Cisco UCM.
Step 5
If you selected the Address and ports radio button, enter the private and public ports for the CAPF
service.
service.
Step 6
Click the Install CAPF Certificate button. The Install Certificate dialog box appears. See
Step 7
Click Next.
Configuring the Public IP Phone Network
The values that you specify in this page generate the address translation rules used for the IP phones and
configure how the ASA handles IP phone settings.
configure how the ASA handles IP phone settings.
Step 1
From the Interface drop-down list, choose the interface on which the ASA listens for connections from
IP phones.
IP phones.
Step 2
To preserve Call Manager configuration on the IP phones, check the Preserve the Unified CM’s
configuration on the phone’s service check box. When this check box is uncheck, the following service
settings are disabled on the IP phones:
configuration on the phone’s service check box. When this check box is uncheck, the following service
settings are disabled on the IP phones:
•
Web Access