Cisco ASA Series CLI Configuration Manual page 1205

Software version 9.0 for the services module

Chapter 1
Configuring the Cisco Phone Proxy
Prerequisites for the Phone Proxy

Certificates from the Cisco UCM
Import the following certificates which are stored on the Cisco UCM. These certificates are required by the ASA for the phone proxy.
Cisco_Manufacturing_CA
CAP-RTP-001
CAP-RTP-002
CAPF certificate (Optional)
If LSC provisioning is required or you have LSC enabled IP phones, you must import the CAPF certificate from the Cisco UCM. If the Cisco UCM has more than one CAPF certificate, you must import all of them to the ASA.
Note: You can configure LSC provisioning for additional end-user authentication. See the Cisco Unified Communications Manager configuration guide for information.
See Importing Certificates from the Cisco UCM, page 1-15. For example, the CA Manufacturer certificate is required by the phone proxy to validate the IP phone certificate.

DNS Lookup Prerequisites
If you have a fully qualified domain name (FQDN) configured for the Cisco UCM rather than an IP address, you must configure and enable DNS lookup on the ASA. For information about the dns domain-lookup command and how to use it to configure DNS lookup, see the command reference.
After configuring the DNS lookup, make sure that the ASA can ping the Cisco UCM with the configured FQDN.
You must configure DNS lookup when you have a CAPF service enabled and the Cisco UCM is not running on the Publisher but the Publisher is configured with a FQDN instead of an IP address.

Cisco Unified Communications Manager Prerequisites
The TFTP server must reside on the same interface as the Cisco UCM.
The Cisco UCM can be on a private network on the inside but you need to have a static mapping for the Cisco UCM on the ASA to a public routable address.
If NAT is required for Cisco UCM, it must be configured on the ASA, not on the existing firewall.

Access List Rules
If the phone proxy is deployed behind an existing firewall, access-list rules to permit signaling, TFTP requests, and media traffic to the phone proxy must be configured.
If NAT is configured for the TFTP server or Cisco UCMs, the translated "global" address must be used in the access lists.
Table 1-1 lists the ports that are required to be configured on the existing firewall:
Cisco ASA Series CLI Configuration Guide
1-7
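
The DNS lookup and Cisco UCM static-mapping prerequisites described on this page, shown as an added configuration example that is not taken from the Cisco guide. The interface names (inside, outside), the DNS server address, the domain and host names, the object name, and the Cisco UCM addresses are all assumed sample values.

```cisco
! Added example; every name and address below is an assumed sample value.
! Enable DNS lookup on the interface that reaches the DNS server.
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.0.2.53
 domain-name example.com
!
! Static mapping of the inside Cisco UCM to a public routable address,
! configured on the ASA itself rather than on the existing firewall.
object network obj-ucm-pub
 host 10.10.0.26
 nat (inside,outside) static 203.0.113.26
!
! Verify from the ASA that the Cisco UCM FQDN resolves and answers.
ping ucm-pub.example.com
```

If the ping by FQDN fails while a ping by IP address succeeds, the DNS lookup configuration is the part to recheck before importing certificates.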