beautypg.com

Creating trustpoints and generating certificates – Cisco ASA 5505 User Manual

Page 999

background image

48-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

Task Flow for Configuring the Phone Proxy in a Mixed-mode Cisco UCM Cluster

Note

For mixed-mode clusters, the phone proxy does not support the Cisco Unified Call Manager using TFTP
to send encrypted configuration files to IP phones through the ASA.

Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:

Step 1

Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See

Creating Trustpoints and Generating Certificates, page 48-17

.

Note

Before you create the trustpoints and generate certificates, you must have imported the required
certificates, which are stored on the Cisco UCM. See

Certificates from the Cisco UCM,

page 48-7

and

Importing Certificates from the Cisco UCM, page 48-15

Step 2

Create the CTL file for the phone proxy. See

Creating the CTL File, page 48-18

.

Note

When the phone proxy is being configured to run in mixed-mode clusters, you have the
following option to use an existing CTL file to install the trustpoints. See

Using an Existing CTL

File, page 48-20

.

Step 3

Create the TLS proxy instance. See

Creating the TLS Proxy for a Mixed-mode Cisco UCM Cluster,

page 48-21

.

Step 4

Create the media termination instance for the phone proxy. See

Creating the Media Termination

Instance, page 48-22

.

Step 5

Create the phone proxy instance. See

Creating the Phone Proxy Instance, page 48-23

.

Step 6

While configuring the phone proxy instance (in the Phone Proxy Configuration mode), enter the
following command to configure the mode of the cluster to be mixed mode because the default is
nonsecure:

hostname(config-phone-proxy)# cluster-mode mixed

Step 7

Enable the phone proxy y with SIP and Skinny inspection. See

Enabling the Phone Proxy with SIP and

Skinny Inspection, page 48-25

.

Creating Trustpoints and Generating Certificates

Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file.

You need to create trustpoints for each Cisco UCM (primary and secondary if a secondary Cisco UCM
is used) and TFTP server in the network. The trustpoints need to be in the CTL file for the phones to
trust the Cisco UCM.

This manual is related to the following products:
See also other documents in the category Cisco Hardware: