48-17
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter48 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Task Flow for Configuring the Phone Proxy in a Mixed-mode Cisco UCM Cluster
Note For mixed-mode clusters, the phone proxy does not support the Cisco Unified Call Manager using TFTP
to send encrypted configuration files to IP phones through the ASA.
Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:
Step1 Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file. See Creating Trustpoints and Generating Certificates, page48-17.
Note Before you create the trustpoints and generate certificates, you must have imported the required
certificates, which are stored on the Cisco UCM. See Certificates from the Cisco UCM,
page 48-7 and Importing Certificates from the Cisco UCM, page48-15
Step2 Create the CTL file for the phone proxy. See Creating the CTL File, page48-18.
Note When the phone proxy is being configured to run in mixed-mode clusters, you have the
following option to use an existing CTL file to install the trustpoints. See Using an Existing CTL
File, page 48-20.
Step3 Create the TLS proxy instance. See Creating the TLS Proxy for a Mixed-mode Cisco UCM Cluster,
page 48-21.
Step4 Create the media termination instance for the phone proxy. See Creating the Media Termination
Instance, page 48-22.
Step5 Create the phone proxy instance. See Creating the Phone Proxy Instance, page 48-23.
Step6 While configuring the phone proxy instance (in the Phone Proxy Configuration mode), enter the
following command to configure the mode of the cluster to be mixed mode because the default is
nonsecure:
hostname(config-phone-proxy)# cluster-mode mixed
Step7 Enable the phone proxy y with SIP and Skinny inspection. See Enabling the Phone Proxy with SIP and
Skinny Inspection, page48-25.
Creating Trustpoints and Generating Certificates
Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and
TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL
file.
You need to create trustpoints for each Cisco UCM (primary and secondary if a secondary Cisco UCM
is used) and TFTP server in the network. The trustpoints need to be in the CTL file for the phones to
trust the Cisco UCM.