Cisco Systems and the ASA Services Module User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 16: Configuring the Cisco Phone Proxy
Troubleshooting the Phone Proxy
[3des-sha1] [des-sha1] [rc4-md5] [possibly others]
See the command reference for more information about setting ciphers with the ssl encryption 
command.
Certificate Validation Errors
Problem
Errors in the ASA log indicate that certificate validation errors occurred.
Entering the show logging asdm command displayed the following errors:
3|Jun 19 2008 17:23:54|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 348FD2760000000E6E27, subject name: cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
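A triage aid for log entries like the one above, added here as an example (it is not from the Cisco guide): it rejoins wrapped ASDM log lines, picks out the 717009 "No suitable trustpoints" failures, and groups them by certificate serial number and subject so that each affected phone is listed once. The function names, every sample record except the first, and the reading of the CN as containing the phone's SEP<MAC> device name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (layout as shown above); only the first, wrapped record is from the page.
SAMPLE_LOG = """\
3|Jun 19 2008 17:23:54|717009: Certificate validation failed. No suitable trustpoints
found to validate
certificate serial number: 348FD2760000000E6E27, subject name:
cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
3|Jun 19 2008 17:24:10|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 348FD2760000000E6E27, subject name: cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
6|Jun 19 2008 17:24:11|000000: constructed filler line, not a real ASA message
3|Jun 19 2008 17:25:02|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 0123456789ABCDEF0001, subject name: cn=CP-7941G-SEP00AABBCCDDEE,ou=EVVBU,o=Cisco Systems Inc.
"""

RECORD_START = re.compile(r"^(\d)\|([^|]+)\|(\d{6}): (.*)$")
NO_TRUSTPOINT = re.compile(
    r"No suitable trustpoints found to validate certificate serial number: "
    r"([0-9A-Fa-f]+), subject name: (.+)$")

def records(text):
    """Yield (timestamp, msg_id, message), rejoining wrapped continuation lines."""
    # A newline that is not followed by "<severity>|" is a wrap inside one record.
    unwrapped = re.sub(r"\s*\n(?!\d\|)", " ", text.strip())
    for line in unwrapped.splitlines():
        m = RECORD_START.match(line)
        if m:
            yield m.group(2), m.group(3), m.group(4).strip()

def unvalidated_certs(text):
    """Map (serial, subject) -> timestamps of 717009 'no suitable trustpoint' failures."""
    hits = defaultdict(list)
    for ts, msg_id, message in records(text):
        m = NO_TRUSTPOINT.search(message) if msg_id == "717009" else None
        if m:
            hits[(m.group(1).upper(), m.group(2).strip())].append(ts)
    return dict(hits)

def phone_from_subject(subject):
    """Assumption: the CN embeds the phone's SEP<MAC> device name, as in the page's sample."""
    m = re.search(r"cn=[^,]*?(SEP[0-9A-F]{12})", subject, re.IGNORECASE)
    return m.group(1).upper() if m else None

if __name__ == "__main__":
    for (serial, subject), seen in unvalidated_certs(SAMPLE_LOG).items():
        print(phone_from_subject(subject), serial, len(seen), seen[0])
```

Each distinct serial and subject pair in the result is one phone certificate whose issuing CA has no matching trustpoint on the ASA, which is the list to work through in the steps that follow.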
Solution
In order for the phone proxy to authenticate the MIC provided by the IP phone, it needs the Cisco 
Manufacturing CA (MIC) certificate imported into the ASA.
Verify that all required certificates are imported into the ASA so that the TLS handshake will succeed. 
Step 1
Determine which certificates are installed on the ASA by entering the following command:
hostname# show running-config crypto
Additionally, determine which certificates are installed on the IP phones. The certificate information 
is shown under the Security Configuration menu. See 
 for information about checking the IP phone to determine if it has the MIC installed on 
it.
Step 2
Verify that the list of installed certificates contains all required certificates for the phone proxy. 
See 
, for 
information.
Step 3
Import any missing certificates onto the ASA. See also 
Media Termination Address Errors
Problem
Entering the media-termination address command displays the following errors:
hostname(config-phone-proxy)# media-termination address ip_address
ERROR: Failed to apply IP address to interface Virtual254, as the network overlaps with 
interface GigabitEthernet0/0. Two interfaces cannot be in the same subnet.
ERROR: Failed to set IP address for the Virtual interface
ERROR: Could not bring up Phone proxy media termination interface
ERROR: Failed to find the HWIDB for the Virtual interface
Solution
Enter the following command to determine if the media-termination address in the phone proxy 
configuration is set correctly:
hostname(config)# show running-config all phone-proxy 
asa2(config)# show running-config all phone-proxy
!