Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 19 Adding Global Objects
Phone Proxy
Configuring the Phone Proxy
Note: This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
Configuring the Phone Proxy requires the following steps:
Step 1: Create the CTL file. See Creating a CTL File, page 19-28.
Step 2: Create the TLS Proxy instance to handle the encrypted signaling. See Adding a TLS Proxy
Instance, page 19-20.
Step 3: Create the Phone Proxy instance. See Creating a Phone Proxy Instance, page 19-25.
Step 4: Enable the Phone Proxy with SIP and Skinny inspection. See SIP Inspection, page 24-21 and
Skinny (SCCP) Inspection, page 24-22.
Creating a Phone Proxy Instance
Note: This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
Use the Configure Phone Proxy pane to add a Phone Proxy. For a detailed overview of the Phone Proxy
used by the security appliance, see Phone Proxy, page 19-24.
This pane is available from the Configuration > Firewall > Advanced > Encrypted Traffic Inspection >
Phone Proxy pane.
Step 1 Open the Configuration > Firewall > Advanced > Encrypted Traffic Inspection > Phone Proxy pane.
Step 2 Check the Enable Phone Proxy check box to enable the feature.
Step 3 In the Media Termination Address field, type the IP address to use for media connections to the Phone
Proxy.
Specify the virtual IP address that will be created for the Phone Proxy to use during media termination.
Only one virtual interface can be configured per Phone Proxy instance. The Phone Proxy inserts the
media termination IP address into the media address portion of the signaling messages.
The security appliance must have an IP address for media termination that meets the following criteria:
- The IP address is a publicly routable, unused address on a network attached to a security appliance interface, and it will never be used by another device in your network.
- The IP address cannot be the same as the security appliance interface IP address. Specifically, it cannot be the same as the IP address of the least secure interface on the security appliance.
- The IP address cannot overlap with existing static NAT rules.
- The IP address cannot be the same as the CUCM or TFTP server IP address.
Add routes to the other interfaces so that IP phones on other interfaces can reach the media termination address.
Step 4 Specify the TLS Proxy by doing one of the following:
- To add a new TLS Proxy Instance, click Manage. The Configure TLS Proxy dialog box opens. See Configure TLS Proxy Pane, page 19-19.
- To select an existing TLS Proxy, select one from the drop-down list.
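
As an added example (not from the Cisco guide or ASDM), the following Python function checks a candidate media termination address against the Step 3 criteria before it is typed into the pane. The function name, data structures and sample addresses are assumptions constructed for illustration, and "publicly routable" is approximated as not RFC 1918, loopback or link-local.

```python
import ipaddress

# Assumption: "publicly routable" is approximated by excluding these ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample inventory (documentation ranges stand in for public space).
SAMPLE_INTERFACES = {"outside": "203.0.113.1/24", "inside": "10.1.1.1/24"}
SAMPLE_STATIC_NAT = ["203.0.113.20", "203.0.113.32/28"]
SAMPLE_CUCM_TFTP = ["10.1.1.5", "10.1.1.6"]
SAMPLE_IN_USE = ["203.0.113.9"]


def check_media_termination_address(candidate, interfaces, static_nat,
                                    cucm_tftp, in_use=()):
    """Return the list of Step 3 criteria that `candidate` violates.

    interfaces: {name: "ip/prefix"} for each security appliance interface
    static_nat: addresses or networks referenced by static NAT rules
    cucm_tftp:  CUCM and TFTP server addresses
    in_use:     addresses known to belong to other devices
    """
    addr = ipaddress.ip_address(candidate)
    ifaces = {n: ipaddress.ip_interface(v) for n, v in interfaces.items()}
    problems = []
    if any(addr in net for net in NON_PUBLIC):
        problems.append("not publicly routable")
    if not any(addr in i.network for i in ifaces.values()):
        problems.append("not on a network attached to an interface")
    for name, iface in ifaces.items():
        if addr == iface.ip:
            problems.append(f"same as interface {name}")
    for rule in static_nat:
        if addr in ipaddress.ip_network(rule, strict=False):
            problems.append(f"overlaps static NAT {rule}")
    for server in cucm_tftp:
        if addr == ipaddress.ip_address(server):
            problems.append(f"same as CUCM/TFTP server {server}")
    if any(addr == ipaddress.ip_address(a) for a in in_use):
        problems.append("already used by another device")
    return problems


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.1", "203.0.113.40", "10.1.1.5"):
        result = check_media_termination_address(
            ip, SAMPLE_INTERFACES, SAMPLE_STATIC_NAT, SAMPLE_CUCM_TFTP, SAMPLE_IN_USE)
        print(ip, "->", result or "meets the listed criteria")
```

An empty result means only that none of the listed criteria was violated against the inventory supplied; routes from the other interfaces to the address still have to be added as described in Step 3.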