48-44
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter48 Configuring the Cisco Phone Proxy
Configuration Examples for the Phone Proxy
Figure48-2 Nonsecure Cisco UCM cluster, Cisco UCM and TFTP Server on Publisher
object network obj-192.0.2.101
host 192.0.2.101
nat (inside,outside) static 10.10.0.26
access-list pp extended permit udp any host 10.10.0.26 eq 69
access-group pp in interface outside
crypto key generate rsa label cucmtftp_kp modulus 1024
crypto ca trustpoint cucm_tftp_server
enrollment self
keypair cucmtftp_kp
crypto ca enroll cucm_tftp_server
ctl-file myctl
record-entry cucm-tftp trustpoint cucm_tftp_server address 10.10.0.26
no shutdown
tls-proxy mytls
server trust-point _internal_PP_myctl
media-termination my_mediaterm
address 192.0.2.25 interface inside
address 10.10.0.25 interface outside
phone-proxy mypp
media-termination my_mediaterm
tftp-server address 192.0.2.101 interface inside
tls-proxy mytls
ctl-file myctl
class-map sec_sccp
match port tcp 2443
class-map sec_sip
match port tcp eq 5061
policy-map pp_policy
class sec_sccp
inspect skinny phone-proxy mypp
class sec_sip
inspect sip phone-proxy mypp
service-policy pp_policy interface outside
271632
IP
IP
IP
IP
Internet
Phone A
192.0.2.16
Comcast Address
98.208.49.30
Comcast Address
69.181.112.219
Cisco UCM cluster is in
nonsecure mode
ASA Outside Interface
10.10.0.24
ASA Inside Interface
192.0.2.1
M
Cisco UCM+TFTP
192.0.2.101
Corporate Network
Home Router
w/NAT
Home Router
w/NAT