Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Adding or Editing the TFTP Server for a Phone Proxy

17-20

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter17 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

The IP address you enter should be the global IP address based on where the IP phone and HTTP

proxy server is located. You can enter a hostname in the IP Address field when that hostname can

be resolved to an IP address by the ASA (for example, DNS lookup is configured) because the ASA

will resolve the hostname to an IP address. If a port is not specified, the default will be 8080.

c. In the Interface field, select the interface on which the HTTP proxy resides on the ASA.

Setting the proxy server configuration option for the Phone Proxy allows for an HTTP proxy on the DMZ

or external network in which all the IP phone URLs are directed to the proxy server for services on the

phones. This setting accommodates nonsecure HTTP traffic, which is not allowed back into the

corporate network.

Step11 Click Apply to save the Phone Proxy configuration settings.

Note After creating the Phone Proxy instance, you enable it with SIP and Skinny inspection. See SIP

Inspection, page 12-20 and Skinny (SCCP) Inspection, page 12-32.

However, before you enable SIP and Skinny inspection for the Phone Proxy (which is done by applying

the Phone Proxy to a service policy rule), the Phone Proxy must have an MTA instance, TLS Proxy, and

CTL file assigned to it before the Phone Proxy can be applied to a service policy. Additionally, once a

Phone Proxy is applied to a service policy rule, the Phone Proxy cannot be changed or removed.

Adding or Editing the TFTP Server for a Phone Proxy

Note This feature is not supported for the Adaptive Security Appliance version 8.1.2.

Note You can edit the TFTP server setting by using the Edit TFTP Server dialog box; however, changing a

setting in this dialog box does not change related settings for the phone proxy. For example, editing the

IP address for the TFTP server in this dialog does not change the setting in the CTL file and does not

update the address translations required by the phone proxy.

To modify TFTP server settings, we strongly recommend you re-run the Unified Communications

Wizard to ensure proper synchronization with all phone proxy settings.

Step1 Open the Configuration > Firewall > Unified Communications > Phone Proxy pane.

Step2 Check the Enable Phone Proxy check box to enable the feature.

Step3 To add or edit the TFTP Server information for the phone proxy, click the Add or Edit button. The

Add/Edit TFTP Server dialog box appears.

Use the Add/Edit TFTP Server dialog box to specify the IP address of the TFTP server and the interface

on which the TFTP server resides.

The Phone Proxy must have at least one CUCM TFTP server configured. Up to five TFTP servers can

be configured for the Phone Proxy.

The TFTP server is assumed to be behind the firewall on the trusted network; therefore, the Phone Proxy

intercepts the requests between the IP phones and TFTP server.

Cisco Systems Adding or Editing the TFTP Server for a Phone Proxy