
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
43-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 43 Configuring the Cisco Phone Proxy
Phone Proxy Guidelines and Limitations
• The phone proxy only supports one Cisco UCM cluster. See Creating the CTL File, page 43-14 for
the steps to configure the Cisco UCM cluster for the phone proxy.
• The phone proxy is not supported when the adaptive security appliance is running in transparent
mode or multiple context mode.
• When a remote IP phone calls an invalid internal or external extension, the phone proxy does not
support playing the annunciator message from the Cisco UCM. The remote IP phone plays
a fast busy signal instead of the annunciator message "Your call cannot be completed ..." However,
when an internal IP phone dials an invalid extension, the annunciator message "Your call
cannot be completed ..." plays.
• Packets from phones connecting to the phone proxy over a VPN tunnel are not inspected by the
adaptive security appliance inspection engines.
• The phone proxy does not support IP phones sending Real-Time Control Protocol (RTCP) packets
through the adaptive security appliance. Disable RTCP packets in the Cisco Unified CM
Administration console from the Phone Configuration page. See your Cisco Unified
Communications Manager (CallManager) documentation for information about setting this
configuration option.
• When used with CIPC, the phone proxy does not support end users resetting their device name in
CIPC (Preferences > Network tab > Use this Device Name field) or administrators resetting the
device name in the Cisco Unified CM Administration console (Device menu > Phone Configuration >
Device Name field). To function with the phone proxy, the CIPC configuration file must be in the
format: SEP<mac_address>.cnf.xml. If the device name does not follow this format
(SEP<mac_address>), CIPC cannot retrieve its configuration file from Cisco UCM via the phone
proxy and CIPC will not function.
• The phone proxy does not support IP phones sending SCCP video messages using Cisco VT
Advantage because SCCP video messages do not support SRTP keys.
• For mixed-mode clusters, the phone proxy does not support the Cisco Unified Call Manager using
TFTP to send encrypted configuration files to IP phones through the adaptive security appliance.
• Multiple IP phones behind one NAT device must be configured to use the same security mode.
When the phone proxy is configured for a mixed-mode cluster and multiple IP phones are behind
one NAT device and registering through the phone proxy, all the SIP and SCCP IP phones must be
configured as authenticated or encrypted, or all as non-secure on the Unified Call Manager.
For example, if there are four IP phones behind one NAT device where two IP phones are configured
using SIP and two IP phones are configured using SCCP, the following configurations on the Unified
Call Manager are acceptable:
– Two SIP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, or both in encrypted mode
Two SCCP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, or both in encrypted mode
– Two SIP IP phones: both in non-secure mode
Two SCCP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, or both in encrypted mode
– Two SIP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, or both in encrypted mode
Two SCCP IP phones: both in non-secure mode
This limitation results from the way the application-redirect rules (rules that convert TLS to TCP)
are created for the IP phones.
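
The following audit script is an added example, not part of the Cisco guide. It checks a phone inventory against two of the limitations above: CIPC device names must follow SEP<mac_address>, and phones of the same protocol behind one NAT device must be all secure (authenticated or encrypted) or all non-secure, as in the four-phone example. The inventory layout, the documentation-range IP addresses, and the reading of <mac_address> as 12 hex digits are assumptions.

```python
import re
from collections import defaultdict

# Assumption: <mac_address> is the 12 hex digits of the MAC, without separators.
SEP_NAME = re.compile(r"SEP[0-9A-Fa-f]{12}")
SECURE_MODES = {"authenticated", "encrypted"}
KNOWN_MODES = SECURE_MODES | {"non-secure"}

# Constructed inventory: (device name, protocol, security mode, NAT public IP, is CIPC)
SAMPLE_PHONES = [
    ("SEP001122334455", "SIP", "authenticated", "203.0.113.10", False),
    ("SEP001122334456", "SIP", "encrypted", "203.0.113.10", False),
    ("SEP001122334457", "SCCP", "non-secure", "203.0.113.10", False),
    ("SEP001122334458", "SCCP", "non-secure", "203.0.113.10", False),
    ("SEP0011223344AA", "SIP", "encrypted", "203.0.113.20", False),
    ("SEP0011223344AB", "SIP", "non-secure", "203.0.113.20", False),
    ("jsmith-softphone", "SCCP", "encrypted", "203.0.113.30", True),
]


def audit(phones):
    """Return a sorted list of (kind, subject, detail) findings."""
    findings = []
    groups = defaultdict(list)  # (NAT IP, protocol) -> [(name, is_secure)]
    for name, proto, mode, nat_ip, is_cipc in phones:
        if mode not in KNOWN_MODES:
            findings.append(("unknown-mode", name, mode))
            continue
        # CIPC fetches SEP<mac_address>.cnf.xml, so any other name breaks it.
        if is_cipc and not SEP_NAME.fullmatch(name):
            findings.append(("cipc-device-name", name, "expected SEP<mac_address>"))
        groups[(nat_ip, proto.upper())].append((name, mode in SECURE_MODES))
    for (nat_ip, proto), members in groups.items():
        # Secure and non-secure phones of one protocol share the NAT device.
        if len({secure for _, secure in members}) > 1:
            names = ",".join(sorted(n for n, _ in members))
            findings.append(("mixed-security-mode", f"{nat_ip}/{proto}", names))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PHONES):
        print(*finding, sep="\t")
```

The first four sample phones reproduce one of the acceptable configurations listed above and raise no findings; the remaining three trigger one finding each.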


Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General
Brand: Cisco
Model: 5510 - ASA SSL / IPsec VPN Edition
Category: Firewall
Language: English