Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuration Examples for the Phone Proxy

! Local CA trustpoint that signs the Local Dynamic Certificates (LDCs)
crypto ca trustpoint ldc_server
 enrollment self
 proxy-ldc-issuer
 fqdn my-ldc-ca.example.com
 subject-name cn=FW_LDC_SIGNER_172_23_45_200
 keypair ldc_signer_key
crypto ca enroll ldc_server
! TLS proxy instance
tls-proxy my_proxy
 server trust-point _internal_PP_myctl
 client ldc issuer ldc_server
 client ldc keypair phone_common
 client cipher-suite aes128-sha1 aes256-sha1
! Media termination addresses, one per interface
media-termination my_mediaterm
 address 192.0.2.25 interface inside
 address 10.10.0.25 interface outside
! Phone proxy instance
phone-proxy mypp
 media-termination my_mediaterm
 tftp-server address 192.0.2.101 interface inside
 tls-proxy mytls
 ctl-file myctl
 cluster-mode mixed
! Inspect secure SCCP (TCP 2443) and secure SIP (TCP 5061) on the outside interface
class-map sec_sccp
 match port tcp eq 2443
class-map sec_sip
 match port tcp eq 5061
policy-map pp_policy
 class sec_sccp
  inspect skinny phone-proxy mypp
 class sec_sip
  inspect sip phone-proxy mypp
service-policy pp_policy interface outside

Example 5: LSC Provisioning in Mixed-mode Cisco UCM cluster; Cisco UCM and TFTP Server on Publisher

Figure 48-6 shows an example of the configuration for a mixed-mode Cisco UCM cluster where LSC provisioning is required using the following topology.

Note

Doing LSC provisioning for remote IP phones is not recommended because the IP phones must first
register, and they have to register in nonsecure mode. Having the IP phones register in nonsecure
mode requires the administrator to open the nonsecure signaling port for SIP and SCCP on the ASA. If
possible, LSC provisioning should be done inside the corporate network before giving the IP phones to
the end users.

In this sample, you create an access list to allow the IP phones to contact the TFTP server and to allow
the IP phones to register in nonsecure mode by opening the nonsecure port for SIP and SCCP as well as
the CAPF port for LSC provisioning.

Additionally, you create the CAPF trustpoint by copying and pasting the CAPF certificate from the Cisco
UCM Certificate Management software.
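An added example, not part of the Cisco guide: a Python check that reads ASA configuration text and reports which ACL entries bound inbound to an interface permit the nonsecure SCCP and SIP ports or the CAPF port that this provisioning sample opens. It assumes the Cisco default port numbers (TCP 2000 for SCCP, 5060 for SIP, 3804 for CAPF); the function name, the ACL names and the 10.10.0.26 address in the sample are constructed for illustration.

```python
import re

# Nonsecure signaling and provisioning ports, assuming the Cisco default
# port numbers are in use: SCCP 2000, SIP 5060, CAPF 3804 (all TCP).
RISKY = {"2000": "SCCP (nonsecure)", "5060": "SIP (nonsecure)",
         "3804": "CAPF (LSC provisioning)"}
NAMES = {"sip": "5060"}  # the ASA prints some ports by service name

# Only single-port "eq" matches are parsed; ranges and object groups are not.
ACE = re.compile(r"^access-list (\S+) extended permit tcp (.+) eq (\S+)"
                 r"(?:\s+log\b.*)?\s*$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")


def exposed_ports(config, interface="outside"):
    """Return (acl, port, service) for risky permits applied inbound on interface."""
    lines = [line.strip() for line in config.splitlines()]
    # An ACL only matters here if an access-group binds it to the interface.
    bound = {m.group(1) for line in lines
             if (m := GROUP.match(line)) and m.group(2) == interface}
    findings = []
    for line in lines:
        m = ACE.match(line)
        if not m or m.group(1) not in bound:
            continue
        port = NAMES.get(m.group(3), m.group(3))
        if port in RISKY:
            findings.append((m.group(1), int(port), RISKY[port]))
    return findings


# Constructed sample configuration (hypothetical ACL names and addresses).
SAMPLE = """\
access-list pp extended permit udp any host 10.10.0.26 eq tftp
access-list pp extended permit tcp any host 10.10.0.26 eq 2000
access-list pp extended permit tcp any host 10.10.0.26 eq sip
access-list pp extended permit tcp any host 10.10.0.26 eq 3804
access-list pp extended permit tcp any host 10.10.0.26 eq 2443
access-list mgmt extended permit tcp any host 192.0.2.101 eq 2000
access-group pp in interface outside
access-group mgmt in interface inside
"""

if __name__ == "__main__":
    for acl, port, service in exposed_ports(SAMPLE):
        print(f"{acl}: tcp/{port} permitted inbound on outside -> {service}")
```

The TFTP and secure SCCP (2443) entries are not reported, because only the nonsecure signaling and CAPF openings described in the Note are in scope.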