Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 19 Adding Global Objects
Phone Proxy
The IP address you enter should be the global IP address based on where the IP phone and HTTP
proxy server are located. You can enter a hostname in the IP Address field when that hostname can
be resolved to an IP address by the security appliance (for example, DNS lookup is configured)
because the security appliance will resolve the hostname to an IP address. If a port is not specified,
the default will be 8080.
c. In the Interface field, select the interface on which the HTTP proxy resides on the security appliance.
Setting the proxy server configuration option for the Phone Proxy allows for an HTTP proxy on the DMZ
or external network in which all the IP phone URLs are directed to the proxy server for services on the
phones. This setting accommodates nonsecure HTTP traffic, which is not allowed back into the
corporate network.
Step 11 To force Cisco IP Communicator (CIPC) softphones to operate in authenticated mode when CIPC
softphones are deployed in a voice and data VLAN scenario, check the Enable CIPC security mode
authentication check box.
Because CIPC requires an LSC to perform the TLS handshake, CIPC needs to register with the CUCM
in nonsecure mode using cleartext signaling. To allow the CIPC to register, create an ACL that allows
the CIPC to connect to the CUCM on the nonsecure SIP/SCCP signaling ports (5060/2000).
CIPC uses a different cipher when doing the TLS handshake and requires that the null-sha1 cipher and SSL
encryption be configured. To add the null-sha1 cipher, go to Configuration > Device Management >
Advanced > SSL Settings > Encryption section. Select the null-sha1 SSL encryption type and add it to
the Available Algorithms.
Current versions of Cisco IP Communicator (CIPC) support authenticated mode and perform TLS
signaling but not voice encryption.
Step 12 Click Apply to save the Phone Proxy configuration settings.
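The two prerequisites in Step 11 (an ACL that lets CIPC reach the CUCM on ports 5060/2000, and null-sha1 in the SSL encryption list) can be checked against a saved configuration. The script below is an added example, not part of the Cisco guide; the ACL name, the addresses and the sample lines are constructed, and it assumes the simple `access-list ... extended permit tcp SRC DST eq PORT` and `ssl encryption ...` line forms.

```python
import re

# Constructed sample of ASA running-config lines; names and addresses are made up.
SAMPLE_CONFIG = """\
access-list cipc_reg extended permit tcp 10.10.20.0 255.255.255.0 host 10.10.10.5 eq 2000
access-list cipc_reg extended permit tcp 10.10.20.0 255.255.255.0 host 10.10.10.5 eq 5060
access-list cipc_reg extended permit tcp any any eq 5060
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1
"""

SIGNALING_PORTS = {"2000": "SCCP", "5060": "SIP"}  # nonsecure ports named in Step 11
ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp (.+) eq (\d+)$")

def split_endpoints(spec):
    """Split 'SRC DST' into endpoints of the form 'any', 'host A' or 'NET MASK'."""
    tokens, endpoints = spec.split(), []
    while tokens:
        width = 1 if tokens[0] == "any" else 2
        endpoints.append(" ".join(tokens[:width]))
        tokens = tokens[width:]
    return endpoints

def audit(config, cucm_ip):
    """Return findings for the CIPC registration ACL and the SSL cipher list."""
    findings, reachable, ciphers = [], set(), []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("ssl encryption "):
            ciphers = line.split()[2:]
            continue
        m = ACL_RE.match(line)
        if not m or m.group(3) not in SIGNALING_PORTS:
            continue
        endpoints = split_endpoints(m.group(2))
        if len(endpoints) != 2:
            continue  # form this sketch does not parse (e.g. source-port operators)
        name, port, dst = m.group(1), m.group(3), endpoints[1]
        if dst == f"host {cucm_ip}":
            reachable.add(port)
        else:
            findings.append(f"ACL {name}: port {port} open to '{dst}', not only the CUCM")
    for port, proto in SIGNALING_PORTS.items():
        if port not in reachable:
            findings.append(f"no rule lets CIPC reach the CUCM on {proto} port {port}")
    if "null-sha1" not in ciphers:
        findings.append("null-sha1 missing from the ssl encryption list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.10.10.5"):
        print(finding)
```

On the constructed sample it reports the `any any` rule, which exposes cleartext signaling beyond the CUCM, and the missing null-sha1 cipher.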
Add/Edit TFTP Server
Note This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
Use the Add/Edit TFTP Server dialog box to specify the IP address of the TFTP server and the interface
on which the TFTP server resides.
The Phone Proxy must have at least one CUCM TFTP server configured. Up to five TFTP servers can
be configured for the Phone Proxy.
The TFTP server is assumed to be behind the firewall on the trusted network; therefore, the Phone Proxy
intercepts the requests between the IP phones and TFTP server.
Note If NAT is configured for the TFTP server, the NAT configuration must be configured prior to specifying
the TFTP server while creating the Phone Proxy instance.
Fields
TFTP Server IP Address—Specifies the address of the TFTP server. Create the TFTP server using the
actual internal IP address.
Port—(Optional) Specifies the port on which the TFTP server is listening for TFTP requests. This should
be configured if it is not the default TFTP port 69.