Cisco ASA Series Cli Configuration Manual page 1239
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring the Cisco Phone Proxy
[3des-sha1] [des-sha1] [rc4-md5] [possibly others]
See the command reference for more information about setting ciphers with the ssl encryption
command.
Certificate Validation Errors
Problem
Entering the show logging asdm command, displayed the following errors:
3|Jun 19 2008 17:23:54|717009: Certificate validation failed. No suitable trustpoints
found to validate
certificate serial number: 348FD2760000000E6E27, subject name:
cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
Solution
In order for the phone proxy to authenticate the MIC provided by the IP phone, it needs the Cisco
Manufacturing CA (MIC) certificate imported into the ASA.
Verify that all required certificates are imported into the ASA so that the TLS handshake will succeed.
Step 1
Determine which certificates are installed on the ASA by entering the following command:
Step 2
Verify that the list of installed certificates contains all required certificates for the phone proxy.
Step 3
Import any missing certificates onto the ASA. See also
page
Media Termination Address Errors
Problem
hostname(config-phone-proxy)# media-termination address ip_address
ERROR: Failed to apply IP address to interface Virtual254, as the network overlaps with
interface GigabitEthernet0/0. Two interfaces cannot be in the same subnet.
ERROR: Failed to set IP address for the Virtual interface
ERROR: Could not bring up Phone proxy media termination interface
ERROR: Failed to find the HWIDB for the Virtual interface
Solution
configuration is set correctly:
hostname(config)# show running-config all phone-proxy
asa2(config)# show running-config all phone-proxy
!
phone-proxy mypp
Errors in the ASA log indicate that certificate validation errors occurred.
hostname# show running-config crypto
Additionally, determine which certificates are installed on the IP phones. The certificate information
is shown under the Security Configuration menu. See
page 1-32
for information about checking the IP phone to determine if it has the MIC installed on it.
See
Table
1-2,
Certificates Required by the Security Appliance for the Phone
information.
1-15.
Entering the media-termination address command displays the following errors:
Enter the following command to determine if the media-termination address in the phone proxy
Troubleshooting the Phone Proxy
Debugging Information from IP Phones,
Importing Certificates from the Cisco UCM,
Cisco ASA Series CLI Configuration Guide
Proxy, for
1-41
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
