Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 441

    Page 441 17-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Prerequisites for the Phone Proxy Rate Limiting Configuration Example The following example describes how you configure rate limiting for TFTP requests by using the police command and the Modular Policy Framework. Begin by determining the conformance rate that is required for the phone proxy. To determine the conformance rate, use the following formula: X * Y * 8 Where X = requests per... 
     
17-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Prerequisites for the Phone Proxy
Rate Limiting Configuration Example
The following example describes how you configure rate limiting for TFTP requests by using the police 
command and the Modular Policy Framework.
Begin by determining the conformance rate that is required for the phone proxy. To determine the 
conformance rate, use the following formula:
X * Y * 8
Where 
X  = requests per...

    Page 442

    Page 442 17-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Phone Proxy Guidelines and Limitations NoteAs an alternative to authenticating remote IP phones through the TLS handshake, you can configure authentication via LSC provisioning. With LSC provisioning you create a password for each remote IP phone user and each user enters the password on the remote IP phones to retrieve the LSC. Because using LSC provisioning to authenticate remote IP... 
     
17-12
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Phone Proxy Guidelines and Limitations
NoteAs an alternative to authenticating remote IP phones through the TLS handshake, you can configure 
authentication via LSC provisioning. With LSC provisioning you create a password for each remote IP 
phone user and each user enters the password on the remote IP phones to retrieve the LSC. 
Because using LSC provisioning to authenticate remote IP...

    Page 443

    Page 443 17-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Phone Proxy Guidelines and Limitations format: SEP.cnf.xml. If the device name does not follow this format (SEP), CIPC cannot retrieve its configuration file from Cisco UMC via the phone proxy and CIPC will not function. The phone proxy does not support IP phones sending SCCP video messages using Cisco VT Advantage because SCCP video messages do not support SRTP keys. For mixed-mode... 
     
17-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Phone Proxy Guidelines and Limitations
format: SEP.cnf.xml. If the device name does not follow this format 
(SEP), CIPC cannot retrieve its configuration file from Cisco UMC via the phone 
proxy and CIPC will not function. 
The phone proxy does not support IP phones sending SCCP video messages using Cisco VT 
Advantage because SCCP video messages do not support SRTP keys. 
For mixed-mode...

    Page 444

    Page 444 17-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy If you decide to configure a media-termination address on interfaces (rather than using a global interface), you must configure a media-termination address on at least two interfaces (the inside and an outside interface) before applying the phone-proxy service policy. Otherwise, you will receive an error message when enabling the Phone Proxy with SIP and Skinny... 
     
17-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
If you decide to configure a media-termination address on interfaces (rather than using a global 
interface), you must configure a media-termination address on at least two interfaces (the inside and 
an outside interface) before applying the phone-proxy service policy. Otherwise, you will receive an 
error message when enabling the Phone Proxy with SIP and Skinny...

    Page 445

    Page 445 17-15 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy Creating the CTL File Create a Certificate Trust List (CTL) file that is required by the Phone Proxy. Specify the certificates needed by creating a new CTL file or by specifying the path of an exiting CTL file to parse from Flash memory. Create trustpoints and generate certificates for each entity in the network (CUCM, CUCM and TFTP, TFTP server, CAPF) that the... 
     
17-15
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
Creating the CTL File
Create a Certificate Trust List (CTL) file that is required by the Phone Proxy. Specify the certificates 
needed by creating a new CTL file or by specifying the path of an exiting CTL file to parse from Flash 
memory. 
Create trustpoints and generate certificates for each entity in the network (CUCM, CUCM and TFTP, 
TFTP server, CAPF) that the...

    Page 446

    Page 446 17-16 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy Because the Phone Proxy generates the CTL file, it needs to create the System Administrator Security Token (SAST) key to sign the CTL file itself. This key can be generated on the ASA. A SAST is created as a self-signed certificate. Typically, a CTL file contains more than one SAST. In case a SAST is not recoverable, the other one can be used to sign the file... 
     
17-16
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
Because the Phone Proxy generates the CTL file, it needs to create the System Administrator Security 
Token (SAST) key to sign the CTL file itself. This key can be generated on the ASA. A SAST is created 
as a self-signed certificate. Typically, a CTL file contains more than one SAST. In case a SAST is not 
recoverable, the other one can be used to sign the file...

    Page 447

    Page 447 17-17 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy Step 6(Optional) In the Domain Name field, specify the domain name of the trustpoint used to create the DNS field for the trustpoint. This is appended to the Common Name field of the Subject DN to create the DNS Name. The domain name should be configured when the FQDN is not configured for the trustpoint. Only one domain-name can be specified. NoteIf you are... 
     
17-17
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
Step 6(Optional) In the Domain Name field, specify the domain name of the trustpoint used to create the DNS 
field for the trustpoint. This is appended to the Common Name field of the Subject DN to create the DNS 
Name. The domain name should be configured when the FQDN is not configured for the trustpoint. Only 
one domain-name can be specified.
NoteIf you are...

    Page 448

    Page 448 17-18 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy Step 4Specify the minimum and maximum values for the RTP port range for the media termination instance. The minimum port and the maximum port can be a value from 1024 to 65535. Step 5Click Apply to save the media termination address configuration settings. Creating the Phone Proxy Instance Create the phone proxy instance. To have a fully functional phone proxy, you... 
     
17-18
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
Step 4Specify the minimum and maximum values for the RTP port range for the media termination instance. 
The minimum port and the maximum port can be a value from 1024 to 65535.
Step 5Click Apply to save the media termination address configuration settings.
Creating the Phone Proxy Instance
Create the phone proxy instance. To have a fully functional phone proxy, you...

    Page 449

    Page 449 17-19 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy To create a new CTL file for the Phone Proxy, click the link Generate Certificate Trust List File. The Create a Certificate Trust List (CTL) File pane opens. See “Creating the CTL File” section on page 17-15. Step 6To specify the security mode of the CUCM cluster, click one of the following options in the CUCM Cluster Mode field: Non-secure—Specifies the cluster... 
     
17-19
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
To create a new CTL file for the Phone Proxy, click the link Generate Certificate Trust List File. The 
Create a Certificate Trust List (CTL) File pane opens. See “Creating the CTL File” section on 
page 17-15. 
Step 6To specify the security mode of the CUCM cluster, click one of the following options in the CUCM 
Cluster Mode field:
Non-secure—Specifies the cluster...

    Page 450

    Page 450 17-20 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy The IP address you enter should be the global IP address based on where the IP phone and HTTP proxy server is located. You can enter a hostname in the IP Address field when that hostname can be resolved to an IP address by the ASA (for example, DNS lookup is configured) because the ASA will resolve the hostname to an IP address. If a port is not specified, the... 
     
17-20
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
The IP address you enter should be the global IP address based on where the IP phone and HTTP 
proxy server is located. You can enter a hostname in the IP Address field when that hostname can 
be resolved to an IP address by the ASA (for example, DNS lookup is configured) because the ASA 
will resolve the hostname to an IP address. If a port is not specified, the...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals