Cisco ASA Series Cli Configuration Manual page 1236
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Troubleshooting the Phone Proxy
Make sure that each media-termination instance is created correctly and that the address or addresses are
set correctly. The ASA must meet specific criteria for media termination. See
Instance Prerequisites, page 1-6
the media termination instance and configuring the media termination addresses.
IP Phone Registration Failure from Signaling Connections
Problem
files using TFTP.
Solution
Step 1
Determine if the TLS handshake is occurring between the phone proxy and the IP phone, perform the
following:
a.
b.
Step 2
Determine if the TLS proxy is configured correctly for the phone proxy:
a.
b.
Step 3
Verify that all required certificates are imported into the ASA so that the TLS handshake will succeed.
a.
Cisco ASA Series CLI Configuration Guide
1-38
The IP phone is unable to complete the TLS handshake with the phone proxy and download its
Enable logging with the following command:
hostname(config)# logging buffered debugging
To check the output from the syslogs captured by the logging buffered command, enter the
following command:
hostname# show logging
The syslogs will contain information showing when the IP phone is attempting the TLS handshake,
which happens after the IP phone downloads its configuration file.
Display all currently running TLS proxy configurations by entering the following command:
hostname# show running-config tls-proxy
tls-proxy proxy
server trust-point _internal_PP_<ctl_file_instance_name>
client ldc issuer ldc_signer
client ldc key-pair phone_common
no client cipher-suite
hostname#
Verify that the output contains the server trust-point command under the tls-proxy command (as
shown in substep a.).
If you are missing the server trust-point command, modify the TLS proxy in the phone proxy
configuration.
See Step 3 in the
"Task Flow for Configuring the Phone Proxy in a Non-secure Cisco UCM Cluster"
section on page
1-15, or Step 3 in the
Cisco UCM Cluster" section on page
Having this command missing from the TLS proxy configuration for the phone proxy will cause
TLS handshake failure.
Determine which certificates are installed on the ASA by entering the following command:
hostname# show running-config crypto
Additionally, determine which certificates are installed on the IP phones. See
Information from IP Phones, page 1-32
it has MIC installed on it.
for the complete list of prerequisites that you must follow when creating
"Task Flow for Configuring the Phone Proxy in a Mixed-mode
1-17.
for information about checking the IP phone to determine if
Chapter 1
Configuring the Cisco Phone Proxy
Media Termination
Debugging
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
