Cisco ASA Series CLI Configuration Manual page 1217

Software version 9.0 for the services module

Chapter 1
Configuring the Cisco Phone Proxy
Step 5
Command: hostname(config-ca-trustpoint)# exit
Purpose: Exits from the Configure Trustpoint mode.

Step 6
Command: hostname(config)# crypto ca enroll trustpoint
Example:
crypto ca enroll cucm_tftp_server
Purpose: Requests the certificate from the CA server and causes the ASA to generate the certificate.
When prompted to include the device serial number in the subject name, type Y to include the serial number or type N to exclude it.
When prompted to generate the self-signed certificate, type Y.

What to Do Next
Once you have created the trustpoints and generated the certificates, create the CTL file for the phone proxy. See Creating the CTL File, page 1-19.
If you are configuring the phone proxy in a mixed-mode cluster, you can use an existing CTL file. See Using an Existing CTL File, page 1-20.

Creating the CTL File
Create the CTL file that will be presented to the IP phones during the TFTP requests.

Prerequisites
If you are using domain names for your Cisco UCM and TFTP server, you must configure DNS lookup on the ASA. Add an entry for each of the outside interfaces on the ASA into your DNS server, if such entries are not already present. Each ASA outside IP address should have a DNS entry associated with it for lookups. These DNS entries must also be enabled for Reverse Lookup.
Enable DNS lookups on your ASA with the dns domain-lookup interface_name command (where the interface_name specifies the interface that has a route to your DNS server). Additionally, define your DNS server IP address on the ASA; for example: dns name-server 10.2.3.4 (IP address of your DNS server).

Note
You can enter the dns domain-lookup command multiple times to enable DNS lookup on multiple interfaces. If you enter multiple commands, the ASA tries each interface in the order it appears in the configuration until it receives a response.
See the command reference for information about the dns domain-lookup command.

Step 1
Command: hostname(config)# ctl-file ctl_name
Example:
ctl-file myctl
Purpose: Creates the CTL file instance.

Step 2
Command: hostname(config-ctl-file)# record-entry tftp trustpoint trustpoint_name address TFTP_IP_address
Example:
record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
Purpose: Creates the record entry for the TFTP server.
Note
Use the global or mapped IP address of the TFTP server or Cisco UCM if NAT is configured.
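
The following Python check is an added example, not part of the Cisco guide. It reads a saved configuration and reports whether the DNS prerequisites are present and whether every record-entry in a CTL file names a trustpoint that is actually defined. The sample configuration, the function name check_ctl_prereqs and the trustpoint tftp_tp are constructed for illustration, and the check assumes trustpoints are defined with a "crypto ca trustpoint" line.

```python
import ipaddress
import re

# Constructed configuration fragment for illustration (not from a real device).
# The second record-entry names a trustpoint that is never defined.
SAMPLE_CONFIG = """\
dns domain-lookup outside
dns name-server 10.2.3.4
crypto ca trustpoint cucm_tftp_server
ctl-file myctl
 record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
 record-entry tftp trustpoint tftp_tp address 10.10.0.27
"""

# Assumption: a trustpoint is defined by a "crypto ca trustpoint <name>" line.
TRUSTPOINT_RE = re.compile(r"^crypto ca trustpoint\s+(\S+)")
CTL_RE = re.compile(r"^ctl-file\s+(\S+)")
RECORD_RE = re.compile(
    r"^\s+record-entry\s+(\S+)\s+trustpoint\s+(\S+)\s+address\s+(\S+)")

def check_ctl_prereqs(config, uses_domain_names=True):
    """Return a list of findings; an empty list means every check passed."""
    lines = config.splitlines()
    findings = []
    # DNS lookup is a prerequisite only when UCM/TFTP are given as domain names.
    if uses_domain_names:
        if not any(re.match(r"^dns domain-lookup\s+\S+", ln) for ln in lines):
            findings.append("dns domain-lookup is not enabled on any interface")
        if not any(re.match(r"^dns name-server\s+\S+", ln) for ln in lines):
            findings.append("no dns name-server address is defined")
    trustpoints = {m.group(1) for ln in lines if (m := TRUSTPOINT_RE.match(ln))}
    ctl_name = None
    for ln in lines:
        if (m := CTL_RE.match(ln)):
            ctl_name = m.group(1)
        elif (m := RECORD_RE.match(ln)) and ctl_name:
            role, tp, addr = m.groups()
            if tp not in trustpoints:
                findings.append(
                    f"ctl-file {ctl_name}: {role} entry uses undefined trustpoint {tp}")
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(
                    f"ctl-file {ctl_name}: {role} address {addr} is not an IP address")
    if ctl_name is None:
        findings.append("no ctl-file instance is configured")
    return findings
```

Calling check_ctl_prereqs(SAMPLE_CONFIG) returns one finding, for the tftp entry whose trustpoint tftp_tp has no definition.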
