Cisco ASA 5505 User Manual

Page 1027

Advertising
background image

48-45

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuration Examples for the Phone Proxy

Example 2: Mixed-mode Cisco UCM cluster, Cisco UCM and TFTP Server on
Publisher

Figure 48-3

shows an example of the configuration for a mixed-mode Cisco UCM cluster using the

following topology.

Figure 48-3

Mixed-mode Cisco UCM cluster, Cisco UCM and TFTP Server on Publisher

object network obj-192.0.2.101

host 192.0.2.101

nat (inside,outside) static 10.10.0.26

access-list pp extended permit udp any host 10.10.0.26 eq 69

access-group pp in interface outside

crypto key generate rsa label cucmtftp_kp modulus 1024

crypto ca trustpoint cucm_tftp_server

enrollment self

keypair cucmtftp_kp

crypto ca enroll cucm_tftp_server

ctl-file myctl

record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26

no shutdown

crypto key generate rsa label ldc_signer_key modulus 1024

crypto key generate rsa label phone_common modulus 1024

crypto ca trustpoint ldc_server

enrollment self

proxy_ldc_issuer

fqdn my-ldc-ca.exmaple.com

subject-name cn=FW_LDC_SIGNER_172_23_45_200

keypair ldc_signer_key

crypto ca enroll ldc_server

tls-proxy my_proxy

server trust-point _internal_PP_myctl

client ldc issuer ldc_server

client ldc keypair phone_common

client cipher-suite aes128-sha1 aes256-sha1

media-termination my_mediaterm

address 192.0.2.25 interface inside

271632

IP

IP

IP

IP

Internet

Phone A

192.0.2.16

Comcast Address

98.208.49.30

Comcast Address

69.181.112.219

Cisco UCM cluster is in

nonsecure mode

ASA Outside Interface

10.10.0.24

ASA Inside Interface

192.0.2.1

M

Cisco UCM+TFTP

192.0.2.101

Corporate Network

Home Router

w/NAT

Home Router

w/NAT

Advertising