Cisco Systems ASA Services Module Webcam User Manual


 
17-9
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 17 Configuring the Cisco Phone Proxy
Prerequisites for the Phone Proxy
Prerequisites for IP Phones on Multiple Interfaces
When IP phones reside on multiple interfaces, the phone proxy configuration must have the correct IP
address set for the Cisco UCM in the CTL file.
See the following example topology for information about how to correctly set the IP address:
phones --- (dmz)-----|
|----- ASA PP --- (outside Internet) --- phones
phones --- (inside)--|
In this example topology, the following IP address are set:
Cisco UCM on the inside interface is set to 10.0.0.5
The DMZ network is 192.168.1.0/24
The inside network is 10.0.0.0/24
The Cisco UCM is mapped with different global IP addresses from DMZ > outside and inside interfaces
> outside interface.
In the CTL file, the Cisco UCM must have two entries because of the two different IP addresses. For
example, if the static statements for the Cisco UCM are as follows:
object network obj-10.0.0.5-01
host 10.0.0.5
nat (inside,outside) static 209.165.202.129
object network obj-10.0.0.5-02
host 10.0.0.5
nat (inside,dmz) static 198.168.1.2
There must be two CTL file record entries for the Cisco UCM:
record-entry cucm trustpoint cucm_in_to_out address 209.165.202.129
record-entry cucm trustpoint cucm_in_to_dmz address 192.168.1.2
7960 and 7940 IP Phones Support
An LSC must be installed on these IP phones because they do not come pre installed with a MIC.
Install the LSC on each phone before using them with the phone proxy to avoid opening the
nonsecure SCCP port for the IP phones to register in nonsecure mode with the Cisco UCM.
See the following document for the steps to install an LSC on IP phones:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secucapf.html#w
p1093518
Note If an IP phone already has an LSC installed on it from a different Cisco UCM cluster, delete the
LSC from the different cluster and install an LSC from the current Cisco UCM cluster.
Note You can configure LSC provisioning for additional end-user authentication. See the Cisco
Unified Communications Manager configuration guide for information.
The CAPF certificate must be imported onto the ASA.
The CTL file created on the ASA must be created with a CAPF record-entry.