Filter
Top Products
16-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
• Creating the TLS Proxy for a Mixed-mode Cisco UCM Cluster, page 16-21
• Creating the Media Termination Instance, page 16-23
• Creating the Phone Proxy Instance, page 16-24
• Enabling the Phone Proxy with SIP and Skinny Inspection, page 16-26
• Configuring Linksys Routers with UDP Port Forwarding for the Phone Proxy, page 16-27
Task Flow for Configuring the Phone Proxy in a Non-secure Cisco UCM Cluster
Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:
Step 1 Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See Creating Trustpoints and Generating Certificates, page 16-17.
Note Before you create the trustpoints and generate certificates, you must have imported the required
certificates, which are stored on the Cisco UCM. See Certificates from the Cisco UCM,
page 16-7 and Importing Certificates from the Cisco UCM, page 16-15
Step 2 Create the CTL file for the phone proxy. See Creating the CTL File, page 16-18.
Step 3 Create the TLS proxy instance. See Creating the TLS Proxy Instance for a Non-secure Cisco UCM
Cluster, page 16-20.
Step 4 Create the media termination instance for the phone proxy. See Creating the Media Termination
Instance, page 16-23.
Step 5 Create the phone proxy instance. See Creating the Phone Proxy Instance, page 16-24.
Step 6 Enable the phone proxy y with SIP and Skinny inspection. See Enabling the Phone Proxy with SIP and
Skinny Inspection, page 16-26.
Importing Certificates from the Cisco UCM
For the TLS proxy used by the phone proxy to complete the TLS handshake successfully, it needs to
verify the certificates from the IP phone (and the Cisco UCM if doing TLS with Cisco UCM). To validate
the IP phone certificate, we need the CA Manufacturer certificate which is stored on the Cisco UCM.
Follow these steps to import the CA Manufacturer certificate to the ASA.
Step 1 Go to the Cisco UCM Operating System Administration web page.
Step 2 Choose Security > Certificate Management.
Note Earlier versions of Cisco UCM have a different UI and way to locate the certificates. For
example, in Cisco UCM version 4.x, certificates are located in the directory
C:\Program
Files\Cisco\Certificates
. See your Cisco Unified Communications Manager (CallManager)
documentation for information about locating certificates.