Cisco Systems and the ASA Services Module Manual De Usuario
16-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
•
•
•
•
•
Task Flow for Configuring the Phone Proxy in a Non-secure Cisco UCM Cluster
Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:
Step 1
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See
.
Note
Before you create the trustpoints and generate certificates, you must have imported the required
certificates, which are stored on the Cisco UCM. See
certificates, which are stored on the Cisco UCM. See
and
Step 2
Create the CTL file for the phone proxy. See
.
Step 3
Create the TLS proxy instance. See
Step 4
Create the media termination instance for the phone proxy. See
Step 5
Create the phone proxy instance. See
.
Step 6
Enable the phone proxy y with SIP and Skinny inspection. See
.
Importing Certificates from the Cisco UCM
For the TLS proxy used by the phone proxy to complete the TLS handshake successfully, it needs to
verify the certificates from the IP phone (and the Cisco UCM if doing TLS with Cisco UCM). To validate
the IP phone certificate, we need the CA Manufacturer certificate which is stored on the Cisco UCM.
Follow these steps to import the CA Manufacturer certificate to the ASA.
verify the certificates from the IP phone (and the Cisco UCM if doing TLS with Cisco UCM). To validate
the IP phone certificate, we need the CA Manufacturer certificate which is stored on the Cisco UCM.
Follow these steps to import the CA Manufacturer certificate to the ASA.
Step 1
Go to the Cisco UCM Operating System Administration web page.
Step 2
Choose Security > Certificate Management.
Note
Earlier versions of Cisco UCM have a different UI and way to locate the certificates. For
example, in Cisco UCM version 4.x, certificates are located in the directory
example, in Cisco UCM version 4.x, certificates are located in the directory
C:\Program
Files\Cisco\Certificates
. See your Cisco Unified Communications Manager (CallManager)
documentation for information about locating certificates.