Nat and pat prerequisites – Cisco ASA 5505 User Manual

Page 990

Advertising
background image

48-8

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Prerequisites for the Phone Proxy

Note

All these ports are configurable on the Cisco UCM, except for TFTP. These are the default
values and should be modified if they are modified on the Cisco UCM. For example, 3804 is the
default port for the CAPF Service. This default value should be modified if it is modified on the
Cisco UCM.

NAT and PAT Prerequisites

NAT Prerequisites

If NAT is configured for the TFTP server, the NAT configuration must be configured prior to
configuring the tftp-server command under the phone proxy.

If NAT is configured for the TFTP server or Cisco UCMs, the translated “global” address must be
used in the access lists.

PAT Prerequisites

When the Skinny inspection global port is configured to use a non-default port, then you must
configure the nonsecure port as the

global_sccp_port+443

.

Therefore, if global_sccp_port is 7000, then the global secure SCCP port is 7443. Reconfiguring the
port might be necessary when the phone proxy deployment has more than one Cisco UCM and they
must share the interface IP address or a global IP address.

/* use the default ports for the first CUCM */

object network obj-10.0.0.1-01

host 10.0.0.1

nat (inside,outside) static interface service tcp 2000 2000

object network obj-10.0.0.1-02

host 10.0.0.1

nat (inside,outside) static interface service tcp 2443 2443

/* use non-default ports for the 2nd CUCM */

object network obj-10.0.0.2-01

host 10.0.0.2

nat (inside,outside) static interface service tcp 2000 7000

object network obj-10.0.0.2-02

host 10.0.0.2

nat (inside,outside) static interface service tcp 2443 7443

Table 48-1

Port Configuration Requirements

Address

Port

Protocol

Description

Media Termination

1024-65535

UDP

Allow incoming SRTP

TFTP Server

69

UDP

Allow incoming TFTP

Cisco UCM

2443

TCP

Allow incoming secure
SCCP

Cisco UCM

5061

TCP

Allow incoming secure
SIP

CAPF Service (on Cisco
UCM)

3804

TCP

Allow CAPF service for
LSC provisioning

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals