52-14
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 52 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Configuring the Phone Proxy
This section includes the following topics:
• Task Flow for Configuring the Phone Proxy, page 52-14
• Creating the CTL File, page 52-14
• Adding or Editing a Record Entry in a CTL File, page 52-16
• Creating the Media Termination Instance, page 52-17
• Creating the Phone Proxy Instance, page 52-18
• Adding or Editing the TFTP Server for a Phone Proxy, page 52-20
• Configuring Linksys Routers with UDP Port Forwarding for the Phone Proxy, page 52-21
Task Flow for Configuring the Phone Proxy
Note This feature is not supported for the Adaptive Security Appliance version 8.1.2.
Configuring the Phone Proxy requires the following steps:
Step 1: Create the CTL file. See Creating the CTL File, page 52-14.
Step 2: Create the TLS Proxy instance to handle the encrypted signaling. See Adding a TLS Proxy
Instance, page 53-8.
Step 3: Create the Phone Proxy instance. See the “Creating the Phone Proxy Instance” section on
page 52-18.
Step 4: Configure the media termination address for the Phone Proxy. See Creating the Media
Termination Instance, page 52-17.
Note Before you enable SIP and Skinny inspection for the Phone Proxy (which is done by applying the Phone
Proxy to a service policy rule), the Phone Proxy must have an MTA instance, TLS Proxy, and CTL file
assigned to it before the Phone Proxy can be applied to a service policy. Additionally, once a Phone
Proxy is applied to a service policy rule, the Phone Proxy cannot be changed or removed.
Step 5: Enable the Phone Proxy with SIP and Skinny inspection. See SIP Inspection, page 48-24 and
Skinny (SCCP) Inspection, page 48-37.
Creating the CTL File
Create a Certificate Trust List (CTL) file that is required by the Phone Proxy. Specify the certificates
needed by creating a new CTL file or by specifying the path of an exiting CTL file to parse from Flash
memory.
Create trustpoints and generate certificates for each entity in the network (CUCM, CUCM and TFTP,
TFTP server, CAPF) that the IP phones must trust. The certificates are used in creating the CTL file. You
need to create trustpoints for each CUCM (primary and secondary if a secondary CUCM is used) and
TFTP server in the network. The trustpoints need to be in the CTL file for the phones to trust the CUCM.