Cisco ASA 5505 Configuration Manual page 966

Configuring the Phone Proxy
In the Type field, specify the type of trustpoint to create:
Step 3
•
•
•
•
In the Host field, specify the IP address of the trustpoint. The IP address you specify must be the global
Step 4
address of the TFTP server or CUCM if NAT is configured. The global IP address is the IP address as
seen by the IP phones because it will be the IP address used for the CTL record for the trustpoint.
Step 5 In the Certificate field, specify the Identity Certificate for the record entry in the CTL file. You can create
a new Identity Certificate by clicking Manage. The Manage Identify Certificates dialog box opens. See
the
You can add an Identity Certificate by generating a self-signed certificate, obtaining the certificate
through SCEP enrollment, or by importing a certificate in PKCS-12 format. Choose the best option
based on the requirements for configuring the CTL file.
(Optional) In the Domain Name field, specify the domain name of the trustpoint used to create the DNS
Step 6
field for the trustpoint. This is appended to the Common Name field of the Subject DN to create the DNS
Name. The domain name should be configured when the FQDN is not configured for the trustpoint. Only
one domain-name can be specified.
Note If you are using domain names for your CUCM and TFTP server, you must configure DNS lookup on
the adaptive security appliance. Add an entry for each of the outside interfaces on the adaptive security
appliance into your DNS server, if such entries are not already present. Each adaptive security appliance
outside IP address should have a DNS entry associated with it for lookups. These DNS entries must also
be enabled for Reverse Lookup. Additionally, define your DNS server IP address on the adaptive security
appliance; for example:
Creating the Media Termination Instance
Create the media termination instance that you will use in the phone proxy.
The media termination address you configure must meet the requirements as described in
Termination Instance Prerequisites, page
Note In versions before 8.2(1), you configured one media-termination address (MTA) on the outside interface
of the adaptive security appliance where the remote Cisco IP phones were located. In Version 8.2(1) and
later, you can configure a global media-termination address for all interfaces or configure a
media-termination address for different interfaces.
As a result of this enhancement, the old configuration has been deprecated. You can continue to use the
old configuration if desired. However, if you need to change the configuration at all, only the new
configuration method is accepted; you cannot later restore the old configuration. If you need to maintain
downgrade compatibility, you should keep the old configuration as is.
Open the Configuration > Firewall > Unified Communications > Media Termination Address pane.
Step 1
Check the Enable Media Termination Address check box to enable the feature.
Step 2
Cisco ASA 5500 Series Configuration Guide using ASDM
43-16
cucm: Specifies the role of this trustpoint to be CCM. Multiple CCM trustpoints can be configured.
cucm-tftp: Specifies the role of this trustpoint to be CCM+TFTP. Multiple CCM+TFTP trustpoints
can be configured.
tftp: Specifies the role of this trustpoint to be TFTP. Multiple TFTP trustpoints can be configured.
capf: Specifies the role of this trustpoint to be CAPF. Only one CAPF trustpoint can be configured.
"Configuring Identity Certificates Authentication" section on page
dns name-server 10.2.3.4
Chapter 43
(IP address of your DNS server).
43-5.
Configuring the Cisco Phone Proxy
35-14.
Media
OL-20339-01