EasyManua.ls Logo

Cisco ASA 5515-X

Cisco ASA 5515-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1-14
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Two SIP IP phones: both in non-secure mode
Two SCCP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, both in encrypted mode
Two SIP IP phones: one IP phone in authenticated mode and one in encrypted mode, both in
authenticated mode, both in encrypted mode
Two SCCP IP phones: both in non-secure mode
This limitation results from the way the application-redirect rules (rules that convert TLS to TCP)
are created for the IP phones.
Media Termination Address Guidelines and Limitations
The phone proxy has the following limitations relating to configuring the media-termination address:
When configuring the media-termination address, the phone proxy does not support having internal
IP phones (IP phones on the inside network) being on a different network interface from the Cisco
UCM unless the IP phones are forced to use the non-secure Security mode.
When internal IP phones are on a different network interface than the Cisco UCM, the IP phones
signalling sessions still go through ASA; however, the IP phone traffic does not go through the
phone proxy. Therefore, Cisco recommends that you deploy internal IP phones on the same network
interface as the Cisco UMC.
If the Cisco UMC and the internal IP phones must be on different network interfaces, you must add
routes for the internal IP phones to access the network interface of the media-termination address
where Cisco UMC resides.
When the phone proxy is configured to use a global media-termination address, all IP phones see
the same global address, which is a public routable address.
If you decide to configure a media-termination address on interfaces (rather than using a global
interface), you must configure a media-termination address on at least two interfaces (the inside and
an outside interface) before applying the phone-proxy service policy. Otherwise, you will receive an
error message when enabling the Phone Proxy with SIP and Skinny Inspection.
The phone proxy can use only one type of media termination instance at a time; for example, you
can configure a global media-termination address for all interfaces or configure a media-termination
address for different interfaces. However, you cannot use a global media-termination address and
media-termination addresses configured for each interface at the same time.
Configuring the Phone Proxy
This section includes the following topics:
Task Flow for Configuring the Phone Proxy in a Non-secure Cisco UCM Cluster, page 1-15
Importing Certificates from the Cisco UCM, page 1-15
Task Flow for Configuring the Phone Proxy in a Mixed-mode Cisco UCM Cluster, page 1-17
Creating Trustpoints and Generating Certificates, page 1-18
Creating the CTL File, page 1-19
Using an Existing CTL File, page 1-20
Creating the TLS Proxy Instance for a Non-secure Cisco UCM Cluster, page 1-21

Table of Contents

Other manuals for Cisco ASA 5515-X

Related product manuals