16-51
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuration Examples for the Phone Proxy
Figure 16-6 LSC Provisioning in Mixed-mode Cisco UCM cluster; Cisco UCM and TFTP Server on
Publisher
object network obj-192.0.2.105
host 192.0.2.105
nat (inside,outside) static 10.10.0.26
object network obj-192.0.2.101
host 192.0.2.101
nat (inside,outside) static interface udp 69 69
access-list pp extended permit udp any host 10.10.0.24 eq 69
access-list pp extended permit tcp any host 10.10.0.26 eq 2000
access-list pp extended permit tcp any host 10.10.0.26 eq 5060
access-list pp extended permit tcp any host 10.10.0.26 eq 3804
access-group pp in interface outside
crypto key generate rsa label cluster_kp modulus 1024
crypto ca trustpoint cucm
enrollment self
keypair cluster_kp
crypto ca enroll cucm
crypto ca trustpoint tftp_server
enrollment self
serial-number
keypair cluster_kp
crypto ca enroll tftp_server
crypto ca trustpoint capf
enroll terminal
crypto ca authenticate capf
ctl-file myctl
record-entry cucm trustpoint cucm_server address 10.10.0.26
record-entry capf trustpoint capf address 10.10.0.26
no shutdown
crypto key generate rsa label ldc_signer_key modulus 1024
crypto key generate rsa label phone_common modulus 1024
crypto ca trustpoint ldc_server
enrollment self
proxy_ldc_issuer
fqdn my-ldc-ca.exmaple.com
subject-name cn=FW_LDC_SIGNER_172_23_45_200
keypair ldc_signer_key
crypto ca enroll ldc_server
tls-proxy my_proxy
271633
IP
Internet
Corporate
Network
Phone B
192.0.2.103
IP
Phone A
192.0.2.102
IP
Comcast
Address
98.208.49.30
ASA Inside Interface
192.0.2.24
ASA Outside Interface
10.10.0.24
M
TFTP Server
192.0.2.101
Comcast
Address
69.181.112.219
IP
Home Router
w/NAT
Home Router
w/NAT