43-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 43 Configuring the Cisco Phone Proxy
Prerequisites for the Phone Proxy
• You must configure one media termination for each phone proxy on the adaptive security appliance.
Multiple media termination instances on the adaptive security appliance are not supported.
• For the media termination instance, you can configure a global media-termination address for all
interfaces or configure a media-termination address for different interfaces. However, you cannot
use a global media-termination address and media-termination addresses configured for each
interface at the same time.
• If you configure a media termination address for multiple interfaces, you must configure an address
on each interface that the adaptive security appliance uses when communicating with IP phones.
For example, if you had three interfaces on the adaptive security appliance (one internal interface
and two external interfaces) and only one of the external interfaces were used to communicate with
IP phones, you would configure two media termination addresses: one on the internal interface and
one on the external interface that communicated with the IP phones.
• Only one media-termination address can be configured per interface.
• The IP addresses are publicly routable addresses that are unused IP addresses within the address
range on that interface.
• The IP address on an interface cannot be the same address as that interface on the adaptive security
appliance.
• The IP addresses cannot overlap with existing static NAT pools or NAT rules.
• The IP addresses cannot be the same as the Cisco UCM or TFTP server IP address.
• For IP phones behind a router or gateway, you must also meet this prerequisite. On the router or
gateway, add routes to the media termination address on the adaptive security appliance interface
that the IP phones communicate with so that the phone can reach the media termination address.
Certificates from the Cisco UCM
Import the following certificates which are stored on the Cisco UCM. These certificates are required by
the adaptive security appliance for the phone proxy.
• Cisco_Manufacturing_CA
• CAP-RTP-001
• CAP-RTP-002
• CAPF certificate (Optional)
If LSC provisioning is required or you have LSC enabled IP phones, you must import the CAPF
certificate from the Cisco UCM. If the Cisco UCM has more than one CAPF certificate, you must import
all of them to the adaptive security appliance.
Note You can configure LSC provisioning for additional end-user authentication. See the Cisco Unified
Communications Manager configuration guide for information.
For example, the CA Manufacturer certificate is required by the phone proxy to validate the IP phone
certificate.
To Next Page
Loading...
Need help?
General
