Cisco Asdm 7 User Guide
Page 431
Cisco ASA Series Firewall ASDM Configuration Guide, page 17-1
Chapter 17: Configuring the Cisco Phone Proxy
This chapter describes how to configure the ASA for the Cisco Phone Proxy feature. This chapter includes the following sections:
Information About the Cisco Phone Proxy, page 17-1
Licensing Requirements for the Phone Proxy, page 17-4
Prerequisites for the Phone Proxy, page 17-6
Phone Proxy Guidelines and Limitations, page 17-12
Configuring the Phone Proxy, page 17-14
Feature History for the Phone...
Page 432
Figure 17-1 Phone Proxy Secure Deployment
The phone proxy supports a Cisco UCM cluster in mixed mode or nonsecure mode. Regardless of the cluster mode, the remote phones that are capable of encryption are always forced to be in encrypted mode. TLS (signaling) and SRTP (media) are always terminated on the ASA. The ASA can also perform NAT, open...
Page 433
Note: As an alternative to authenticating remote IP phones through the TLS handshake, you can configure authentication via LSC provisioning. With LSC provisioning you create a password for each remote IP phone user and each user enters the password on the remote IP phones to retrieve the LSC. Because using LSC provisioning to authenticate remote IP...
Page 434
Cisco Unified IP Phone 7941G-GE
Cisco Unified IP Phone 7940 (SCCP protocol support only)
Cisco Unified Wireless IP Phone 7921
Cisco Unified Wireless IP Phone 7925
Note: To support Cisco Unified Wireless IP Phone 7925, you must also configure MIC or LSC on the IP phone so that it properly works with the phone proxy.
CIPC for softphones (CIPC versions...
Page 435
ASA 5512-X: Base License: 2 sessions. Optional licenses: 24, 50, 100, 250, or 500 sessions.
ASA 5515-X: Base License: 2 sessions. Optional licenses: 24, 50, 100, 250, or 500 sessions.
ASA 5525-X: Base License: 2 sessions. Optional licenses: 24, 50, 100, 250, 500, 750, or 1000 sessions.
ASA 5545-X: Base License: 2 sessions. Optional licenses: 24, 50, 100,...
Page 436
For more information about licensing, see Chapter 5, “Managing Feature Licenses for Cisco ASA Version 7.1,” in the general operations configuration guide.
Prerequisites for the Phone Proxy
This section contains the following topics:
Media Termination Instance Prerequisites, page 17-6
Certificates from the Cisco UCM, page 17-7
DNS Lookup Prerequisites, page...
Page 437
For IP phones behind a router or gateway, you must also meet this prerequisite. On the router or gateway, add routes to the media termination address on the ASA interface that the IP phones communicate with so that the phone can reach the media termination address.
Certificates from the Cisco UCM
Import the following certificates which are stored on the Cisco...
Page 438
If NAT is configured for the TFTP server or Cisco UCMs, the translated “global” address must be used in the ACLs. Table 17-1 lists the ports that are required to be configured on the existing firewall:
Note: All these ports are configurable on the Cisco UCM, except for TFTP. These are the default values and should be modified if they are modified on the Cisco...
Page 439
Prerequisites for IP Phones on Multiple Interfaces
When IP phones reside on multiple interfaces, the phone proxy configuration must have the correct IP address set for the Cisco UCM in the CTL file. See the following example topology for information about how to correctly set the IP address:
phones --- (dmz)-----| |----- ASA PP --- (outside Internet) ---...
Page 440
The phone must be configured to use only the SCCP protocol because the SIP protocol does not support encryption on these IP phones. If LSC provisioning is done via the phone proxy, you must add an ACL to allow the IP phones to register with the Cisco UCM on the nonsecure port 2000.
Cisco IP Communicator Prerequisites
To configure Cisco IP Communicator (CIPC)...