Certificate validation errors, Media termination address errors – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Troubleshooting the Phone Proxy

[3des-sha1] [des-sha1] [rc4-md5] [possibly others]

See the command reference for more information about setting ciphers with the ssl encryption command.

Certificate Validation Errors

Problem

Errors in the ASA log indicate that certificate validation errors occurred.

Entering the show logging asdm command displays the following errors:

3|Jun 19 2008 17:23:54|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 348FD2760000000E6E27, subject name: cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.

Solution

In order for the phone proxy to authenticate the MIC provided by the IP phone, it needs the Cisco
Manufacturing CA (MIC) certificate imported into the ASA.

Verify that all required certificates are imported into the ASA so that the TLS handshake will succeed.

Step 1

Determine which certificates are installed on the ASA by entering the following command:

hostname# show running-config crypto

Additionally, determine which certificates are installed on the IP phones. The certificate information is shown under the Security Configuration menu. See Debugging Information from IP Phones, page 48-31, for information about checking the IP phone to determine if it has the MIC installed on it.

Step 2

Verify that the list of installed certificates contains all required certificates for the phone proxy. See Table 48-2, Certificates Required by the Security Appliance for the Phone Proxy, for information.

Step 3

Import any missing certificates onto the ASA. See also Importing Certificates from the Cisco UCM, page 48-15.
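When many phones register at once, the 717009 entries can be grouped to show which phones present a MIC that no installed trustpoint validates. The following Python is an added example, not part of the Cisco guide; it assumes the severity|timestamp|message-id layout and the CP-<model>-SEP<MAC> subject CN seen in the message above, and every log line other than the first event is constructed.

```python
import re

# "show logging asdm" layout from the page: severity|timestamp|message-id: text
HEADER_RE = re.compile(r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|(?P<msgid>\d{6}): (?P<text>.*)$")
CERT_RE = re.compile(r"serial number: (?P<serial>[0-9A-Fa-f]+), subject name: (?P<subject>.+)$")
# Assumption: MIC subject CNs follow the CP-<model>-SEP<MAC> pattern of the page's sample.
CN_RE = re.compile(r"^(?P<model>CP-[^-]+)-SEP(?P<mac>[0-9A-Fa-f]{12})$")

# Constructed sample: the first event is the page's message, line-wrapped; the rest is made up.
SAMPLE_LOG = """\
3|Jun 19 2008 17:23:54|717009: Certificate validation failed. No suitable trustpoints
found to validate
certificate serial number: 348FD2760000000E6E27, subject name:
cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
6|Jun 19 2008 17:23:55|000000: constructed unrelated message
3|Jun 19 2008 17:24:10|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 348FD2760000000E6E27, subject name: cn=CP-7961G-SEP001819A89CC3,ou=EVVBU,o=Cisco Systems Inc.
3|Jun 19 2008 17:25:02|717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 0A1B2C3D0000000F0001, subject name: cn=CP-7941G-SEP0011223344AA,ou=EVVBU,o=Cisco Systems Inc.
"""

def join_wrapped(log_text):
    """Re-join wrapped output into one string per syslog message."""
    records = []
    for line in (l.strip() for l in log_text.splitlines()):
        if HEADER_RE.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line  # continuation of the previous message
    return records

def trustpoint_failures(log_text):
    """Map each phone CN to the certificate details of its 717009 failures."""
    failures = {}
    for record in join_wrapped(log_text):
        head = HEADER_RE.match(record)
        cert = CERT_RE.search(head["text"])
        if head["msgid"] != "717009" or cert is None:
            continue
        rdns = dict(p.strip().split("=", 1) for p in cert["subject"].split(",") if "=" in p)
        cn = rdns.get("cn", "")
        dev = CN_RE.match(cn)  # None when the CN is not in the assumed format
        entry = failures.setdefault(cn, {
            "serial": cert["serial"].upper(), "first_seen": head["ts"], "count": 0,
            "model": dev and dev["model"], "mac": dev and dev["mac"].upper()})
        entry["count"] += 1
    return failures

if __name__ == "__main__":
    for cn, info in trustpoint_failures(SAMPLE_LOG).items():
        print(cn, info)
```

Each CN in the result is a phone whose certificate should be compared against the trustpoints listed by show running-config crypto.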

Media Termination Address Errors

Problem

Entering the media-termination address command displays the following errors:

hostname(config-phone-proxy)# media-termination address ip_address
ERROR: Failed to apply IP address to interface Virtual254, as the network overlaps with interface GigabitEthernet0/0. Two interfaces cannot be in the same subnet.
ERROR: Failed to set IP address for the Virtual interface
ERROR: Could not bring up Phone proxy media termination interface
ERROR: Failed to find the HWIDB for the Virtual interface

Solution

Enter the following command to determine if the media-termination address in the phone proxy configuration is set correctly:

hostname(config)# show running-config all phone-proxy

asa2(config)# show running-config all phone-proxy

!
