Cisco Systems and the ASA Services Module Network Router User Manual


 
16-53
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuration Examples for the Phone Proxy
Figure 16-7 VLAN Transversal Between CIPC Softphones on the Data VLAN and Hard Phones on
the Voice VLAN
object network obj-10.130.50.0
subnet 10.130.50.0 255.255.255.0
nat (data,voice) dynamic 192.0.2.10
object network obj-10.130.50.5
host 10.130.50.5
nat (data,voice) static 192.0.2.101
access-list pp extended permit udp any host 10.130.50.5 eq 69
access-list pp extended permit tcp any host 10.130.50.5 eq 2000
access-list pp extended permit tcp any host 10.130.50.5 eq 5060
access-list pp extended permit tcp any host 10.130.50.5 eq 3804
access-group pp in interface data
crypto ca generate rsa label cucmtftp_kp modulus 1024
crypto ca trustpoint cucm_tftp_server
enrollment self
keypair cucmtftp_kp
crypto ca enroll cucm_tftp_server
crypto ca trustpoint capf
enrollment terminal
crypto ca authenticate capf
ctl-file myctl
record-entry cucm-tftp trustpoint cucm_tftp_server address 10.130.50.5
record-entry capf trustpoint capf address 10.130.50.5
no shutdown
tls-proxy mytls
server trust-point _internal_PP_myctl
media-termination my_mediaterm
address 10.130.50.2
phone-proxy mypp
media-termination my_mediaterm
tftp-server address 10.10.0.20 interface inside
tls-proxy mytls
ctl-file myctl
cipc security-mode authenticated
class-map sec_sccp
match port tcp eq 2443
class-map sec_sip
match port tcp eq 5061
policy-map pp_policy
class sec_sccp
inspect skinny phone-proxy mypp
271636
IP
Corporate
Network
(Voice VLAN)
Corporate
Network
(Data VLAN)
IP
ASA Data VLAN interface
10.10.0.24
ASA Inside Interface
10.130.50.24
M
Cisco UCM + TFTP Server
192.0.2.101
Cisco IPC
10.130.50.12
Cisco IPC
10.130.50.10
Cisco IPC
10.130.50.11