Cisco ASA 5505 Configuration Manual page 956
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Prerequisites for the Phone Proxy
•
•
•
•
•
•
•
•
•
Certificates from the Cisco UCM
Import the following certificates which are stored on the Cisco UCM. These certificates are required by
the adaptive security appliance for the phone proxy.
•
•
•
•
If LSC provisioning is required or you have LSC enabled IP phones, you must import the CAPF
certificate from the Cisco UCM. If the Cisco UCM has more than one CAPF certificate, you must import
all of them to the adaptive security appliance.
You can configure LSC provisioning for additional end-user authentication. See the Cisco Unified
Note
Communications Manager configuration guide for information.
For example, the CA Manufacturer certificate is required by the phone proxy to validate the IP phone
certificate.
Cisco ASA 5500 Series Configuration Guide using ASDM
43-6
You must configure one media termination for each phone proxy on the adaptive security appliance.
Multiple media termination instances on the adaptive security appliance are not supported.
For the media termination instance, you can configure a global media-termination address for all
interfaces or configure a media-termination address for different interfaces. However, you cannot
use a global media-termination address and media-termination addresses configured for each
interface at the same time.
If you configure a media termination address for multiple interfaces, you must configure an address
on each interface that the adaptive security appliance uses when communicating with IP phones.
For example, if you had three interfaces on the adaptive security appliance (one internal interface
and two external interfaces) and only one of the external interfaces were used to communicate with
IP phones, you would configure two media termination addresses: one on the internal interface and
one on the external interface that communicated with the IP phones.
Only one media-termination address can be configured per interface.
The IP addresses are publicly routable addresses that are unused IP addresses within the address
range on that interface.
The IP address on an interface cannot be the same address as that interface on the adaptive security
appliance.
The IP addresses cannot overlap with existing static NAT pools or NAT rules.
The IP addresses cannot be the same as the Cisco UCM or TFTP server IP address.
For IP phones behind a router or gateway, you must also meet this prerequisite. On the router or
gateway, add routes to the media termination address on the adaptive security appliance interface
that the IP phones communicate with so that the phone can reach the media termination address.
Cisco_Manufacturing_CA
CAP-RTP-001
CAP-RTP-002
CAPF certificate (Optional)
Chapter 43
Configuring the Cisco Phone Proxy
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
