Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 52 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Adding or Editing a Record Entry in a CTL File
Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.
Use the Add/Edit Record Entry dialog box to specify the trustpoints to be used for the creation of the
CTL file.
Note: You can edit an entry in the CTL file by using the Edit Record Entry dialog box; however, changing a
setting in this dialog box does not change related settings for the phone proxy. For example, editing the
IP address for the CUCM or TFTP servers in this dialog box changes the setting only in the CTL file and
does not change the actual addresses of those servers or update the address translations required by the
phone proxy.
To modify CTL file settings, we strongly recommend that you re-run the Unified Communications Wizard,
which ensures proper synchronization with all phone proxy settings.
Add a record-entry configuration for each entity that is required in the CTL file.
Step 1 Open the Configuration > Firewall > Unified Communications > CTL File pane.
Step 2 Check the Enable Certificate Trust List File check box to enable the feature.
Step 3 In the Type field, specify the type of trustpoint to create:
• cucm: Specifies the role of this trustpoint to be CCM. Multiple CCM trustpoints can be configured.
• cucm-tftp: Specifies the role of this trustpoint to be CCM+TFTP. Multiple CCM+TFTP trustpoints
can be configured.
• tftp: Specifies the role of this trustpoint to be TFTP. Multiple TFTP trustpoints can be configured.
• capf: Specifies the role of this trustpoint to be CAPF. Only one CAPF trustpoint can be configured.
Step 4 In the Host field, specify the IP address of the trustpoint. The IP address you specify must be the global
address of the TFTP server or CUCM if NAT is configured. The global IP address is the IP address as
seen by the IP phones because it will be the IP address used for the CTL record for the trustpoint.
Step 5 In the Certificate field, specify the Identity Certificate for the record entry in the CTL file. You can create
a new Identity Certificate by clicking Manage. The Manage Identity Certificates dialog box opens. See
the “Configuring Identity Certificates Authentication” section on page 44-16.
You can add an Identity Certificate by generating a self-signed certificate, obtaining the certificate
through SCEP enrollment, or by importing a certificate in PKCS-12 format. Choose the best option
based on the requirements for configuring the CTL file.
Step 6 (Optional) In the Domain Name field, specify the domain name of the trustpoint used to create the DNS
field for the trustpoint. This is appended to the Common Name field of the Subject DN to create the DNS
Name. The domain name should be configured when the FQDN is not configured for the trustpoint. Only
one domain name can be specified.
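The constraints in Steps 3 through 6 can be checked against a planned set of record entries before they are entered in ASDM. The following is an added example, not part of the Cisco guide or any Cisco tool: the entry layout (type, host, cn, fqdn, domain), the NAT map, and the function names are hypothetical, and joining the Common Name and domain name with a dot is an assumption.

```python
import ipaddress
from collections import Counter

VALID_TYPES = {"cucm", "cucm-tftp", "tftp", "capf"}  # Type values listed in Step 3

def check_record_entries(entries, nat_map):
    """Return (index, problem) pairs for planned CTL record entries.

    entries: dicts with keys type, host, cn and optional fqdn, domain (hypothetical layout).
    nat_map: real (inside) address -> global address as seen by the IP phones.
    """
    problems = []
    counts = Counter(e["type"] for e in entries)
    real_to_global = {ipaddress.ip_address(r): ipaddress.ip_address(g)
                      for r, g in nat_map.items()}
    for i, e in enumerate(entries):
        if e["type"] not in VALID_TYPES:
            problems.append((i, f"unknown type {e['type']!r}"))
        if e["type"] == "capf" and counts["capf"] > 1:
            problems.append((i, "only one CAPF trustpoint can be configured"))
        try:
            host = ipaddress.ip_address(e["host"])
        except ValueError:
            problems.append((i, f"host {e['host']!r} is not an IP address"))
            continue
        # Step 4: with NAT, the record must carry the global address, not the real one.
        if host in real_to_global and real_to_global[host] != host:
            problems.append((i, f"host is the real address; phones see {real_to_global[host]}"))
        # Step 6: a domain name is expected when the trustpoint has no FQDN.
        if not e.get("fqdn") and not e.get("domain"):
            problems.append((i, "no FQDN on the trustpoint and no domain name set"))
    return problems

def dns_name(entry):
    """DNS Name per Step 6: domain name appended to the Subject DN Common Name.
    The dot separator is an assumption; the guide only says 'appended'."""
    return f"{entry['cn']}.{entry['domain']}" if entry.get("domain") else entry["cn"]

# Constructed sample plan: private and documentation-range addresses, made-up names.
NAT_MAP = {"192.168.10.5": "203.0.113.5", "192.168.10.6": "203.0.113.6"}
PLAN = [
    {"type": "cucm-tftp", "host": "203.0.113.5", "cn": "cucm1", "domain": "example.com"},
    {"type": "capf", "host": "192.168.10.6", "cn": "capf1", "domain": "example.com"},
    {"type": "capf", "host": "203.0.113.6", "cn": "capf2"},
]

if __name__ == "__main__":
    for idx, msg in check_record_entries(PLAN, NAT_MAP):
        print(f"entry {idx}: {msg}")
```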
Note: If you are using domain names for your CUCM and TFTP server, you must configure DNS lookup on
the ASA. Add an entry for each of the outside interfaces on the ASA into your DNS server, if such entries
are not already present. Each ASA outside IP address should have a DNS entry associated with it for