[cisco-voip] ASA 8.0(4) Phone Proxy w/ CM 4.1(3)

Dane dane at pktloss.net
Thu Sep 25 10:47:31 EDT 2008 

Ok so I am going through the Cisco doc, 'Cisco Security Appliance
Command Line Configuration Guide', chapter 25 'Configuring Cisco
Unified Communications Proxy Features".

>From what I am reading there are multiple ways to achieve having IP
phones located outside of the internal network.  The method it seems I
need to leverage because of CallManager 4.1(3) is the Phone Proxy
method.

The most confusing part of all this revolves around the certificates.
For instance in the document it states on page 25-22, "These
certificates are required by the security appliance for the phone
proxy":

Cisco_Manufacturing_CA
CAP-RTP-001
CAP-RTP-002

It then goes on to tell you where to get / import the certs from on
CallManager.  In the case of 4.x these are located in Program
Files\Cisco\Certificates.

I go there on both CM's and I see the "CiscoManufacturingCA.pem"  but
no CAP-RTP files.  There is a CiscoCA and a CiscoRootCA2048

Any thoughts regarding this?  Obviously I am little confused as to
what certs I need now.

Thanks!

dane

On Wed, Sep 24, 2008 at 7:31 AM, c3voip <c3voip at nc.rr.com> wrote:
> Hi Dane,
>
> I successfully got it working with 4.1(3).  It is pretty straightforward.
> Just make sure that you import the certificates from your CallManager to the
> ASA.  Another gotcha was that you have to generate and install LSC's
> (Locally Significant Certificates) for any 7940/7960 phones you want to use
> with Phone Proxy, so without opening port 2000 you cannot remotely provision
> one of these phones.
>
> I also found out that since IP Communicator doesn't support encryption until
> CUCM 7.0.1 that Phone Proxy cannot support hard phones and IP Communicator
> at the same time.
>
> Let me know if you have any questions.
>
> -C
>
> -----Original Message-----
> From: cisco-voip-bounces at puck.nether.net
> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Dane
> Sent: Tuesday, September 23, 2008 4:55 PM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] ASA 8.0(4) Phone Proxy w/ CM 4.1(3)
>
> I know there were some previous discussions on the list in the past
> (before 8.0(4)) was released regarding the phone proxy features and
> what was supported.
>
> According to what I am reading it appears that CM 4.x is supported.
>
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/unifi
> ed_comm.html#wp1144923
>
> I am running 8.0(4) now on the ASA and notice we have some default
> basic license for 2 sessions, which is enough to just get this tested
> as a proof of concept.
>
> Just wondering who out there is in the same boat running 4.1(3) and
> has the phone proxy feature of 8.0(4) working?  I have not begun
> trying to get things to work yet, just doing my reading up on things
> now and it would be nice to bounce questions off of someone with some
> experience in this if and when they come up.
>
> Also interested in any caveats or issues (other than licensing) that
> might have halted your testing or implementation.
>
> Regards,
> Dane
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>

More information about the cisco-voip mailing list