Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

Prerequisites

If you are using domain names for your Cisco UCM and TFTP server, you must configure DNS lookup
on the ASA. Add an entry for each of the outside interfaces on the ASA into your DNS server, if such
entries are not already present. Each ASA outside IP address should have a DNS entry associated with
it for lookups. These DNS entries must also be enabled for Reverse Lookup.

Enable DNS lookups on your ASA with the dns domain-lookup interface_name command (where the
interface_name specifies the interface that has a route to your DNS server). Additionally, define your
DNS server IP address on the ASA; for example:

dns name-server 10.2.3.4 (IP address of your DNS server).

Note

You can enter the dns domain-lookup command multiple times to enable DNS lookup on
multiple interfaces. If you enter multiple commands, the ASA tries each interface in the order it
appears in the configuration until it receives a response.

See the command reference for information about the dns domain-lookup command.

What to Do Next

Once you have configured the CTL file for the phone proxy, create the TLS proxy instance. See
Creating the TLS Proxy Instance for a Non-secure Cisco UCM Cluster, page 48-20, to add the TLS proxy
when configuring the phone proxy in a non-secure mode, or see Creating the TLS Proxy for a Mixed-mode
Cisco UCM Cluster, page 48-21, if the phone proxy is running in a mixed-mode cluster.

Step 1
Command: hostname(config)# ctl-file ctl_name
Example: ctl-file myctl
Purpose: Creates the CTL file instance.

Step 2
Command: hostname(config-ctl-file)# record-entry tftp trustpoint trustpoint_name address TFTP_IP_address
Example: record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
Purpose: Creates the record entry for the TFTP server.
Note: Use the global or mapped IP address of the TFTP server or Cisco UCM if NAT is configured.

Step 3
Command: hostname(config-ctl-file)# record-entry cucm trustpoint trustpoint_name address IP_address
Example: record-entry cucm trustpoint cucm_server address 10.10.0.26
Purpose: Creates the record entry for each Cisco UCM (primary and secondary).
Note: Use the global or mapped IP address of the Cisco UCM.

Step 4
Command: hostname(config-ctl-file)# record-entry capf trustpoint trust_point address IP_address
Example: record-entry capf trustpoint capf address 10.10.0.26
Purpose: Creates the record entry for CAPF.
Note: You only enter this command when LSC provisioning is required or you have LSC enabled IP phones.

Step 5
Command: hostname(config-ctl-file)# no shutdown
Purpose: Creates the CTL file. When the file is created, it creates an internal trustpoint used by the
phone proxy to sign the TFTP files. The trustpoint is named _internal_PP_ctl-instance_filename.

Step 6
Command: hostname(config)# copy running-config startup-config
Purpose: Saves the certificate configuration to Flash memory.
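
The requirements of Steps 2, 3 and 5 can be checked against a saved copy of the configuration before the phone proxy depends on the CTL file. The Python script below is an added example, not part of the Cisco guide. The sample configuration, the instance name labctl and the indentation of submode lines are constructed assumptions, as is accepting either the tftp or the cucm-tftp role for the TFTP entry (both appear in Step 2).

```python
import ipaddress
import re

# Constructed sample (not from a real device); "labctl" is deliberately incomplete.
SAMPLE_CONFIG = """\
ctl-file myctl
 record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
 record-entry cucm trustpoint cucm_server address 10.10.0.26
 record-entry capf trustpoint capf address 10.10.0.26
 no shutdown
ctl-file labctl
 record-entry cucm trustpoint cucm_server address 10.10.0.300
"""

ENTRY = re.compile(r"record-entry\s+(\S+)\s+trustpoint\s+(\S+)\s+address\s+(\S+)")

def parse_ctl_files(config):
    """Map each ctl-file name to its (role, trustpoint, address) entries and enabled flag."""
    instances, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ctl-file "):
            current = instances.setdefault(line.split()[1], {"entries": [], "enabled": False})
        elif current is not None and raw[:1].isspace():  # indented: still in ctl-file submode
            m = ENTRY.match(line)
            if m:
                current["entries"].append(m.groups())
            current["enabled"] |= line == "no shutdown"
        else:
            current = None  # any unindented line ends the submode
    return instances

def audit(config):
    """Check every CTL file instance against Steps 2, 3 and 5; return a list of findings."""
    findings = []
    for name, inst in parse_ctl_files(config).items():
        roles = {role for role, _, _ in inst["entries"]}
        if not roles & {"tftp", "cucm-tftp"}:  # assumption: either role covers the TFTP entry
            findings.append(f"{name}: no TFTP server record entry (Step 2)")
        if "cucm" not in roles:
            findings.append(f"{name}: no Cisco UCM record entry (Step 3)")
        for role, _, addr in inst["entries"]:
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"{name}: {role} address {addr!r} is not a valid IP address")
        if not inst["enabled"]:
            findings.append(f"{name}: no 'no shutdown', so the CTL file is not created (Step 5)")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns three findings, all for labctl; the capf entry is not required because Step 4 applies only when LSC provisioning is in use.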
