[cisco-voip] Phone proxy with ASA

Brian Meade (brmeade) brmeade at cisco.com
Thu Oct 24 17:48:55 EDT 2013 

Fred,

That probably means the policy-map isn't applied correctly to intercept the TFTP traffic.

Do you have inspect tftp under your global policy?

Thanks,
Brian

From: Fred Hunt [mailto:FHunt at erdman.com]
Sent: Thursday, October 24, 2013 5:37 PM
To: Brian Meade (brmeade); cisco-voip at puck.nether.net
Subject: RE: Phone proxy with ASA

Brian,
Thanks for the reply.

This isn't a mixed-mode cluster.

The CTL config has no shutdown entered:
ctl-file asdm_ctl_file
record-entry cucm-tftp trustpoint UCphoneproxy_trustpoint address XXX.XXX.XXX.XXX
no shutdown

I have the external address for TFTP that is configured in NAT entered as the address above.

Oddly, I don't see anything in the log regarding TFTP activity when I have phone-proxy tftp debugging enabled.  That doesn't make sense, considering I can pull a config file with a TFTP client on my computer.

Fred

From: Brian Meade (brmeade) [mailto:brmeade at cisco.com]
Sent: Thursday, October 24, 2013 4:27 PM
To: Fred Hunt; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: Phone proxy with ASA

Fred,

Is this on a mixed-mode cluster?

What's your CTL-file config look like on the ASA?  Did you make sure to do a "no shut"?

ctl-file asdm_CTL_File
record-entry capf trustpoint capf_trustpoint address 10.26.100.2
record-entry cucm-tftp trustpoint phoneproxy_trustpoint address 10.26.100.2
no shutdown
!
Replace 10.26.100.2 with your external IP address you have the static NAT configured for.

Also, try running "debug phone-proxy tftp" on the ASA to see the CTL file request.

Thanks,
Brian

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Fred Hunt
Sent: Thursday, October 24, 2013 5:18 PM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Phone proxy with ASA

I'm trying to use the phone proxy feature on a ASA 5520 running 8.4(3).  We are running CUCM 7.1.3 and I'm trying this with a 7941 phone.  A colleague of mine who is no longer here claims to have set this up successfully and I saw that it was mostly configured with the exception of the CTL not being enabled.  The documentation I've found on this isn't great, but I followed this: https://supportforums.cisco.com/docs/DOC-1364.  It appears that the phone is downloading the phone config file, but it just sits "Registering" before it cycles and tries again.  These are the status messages that I see:
SEP001e4a0bcc00.cnf.xml
No CTL installed
File Not Found: CTLFile.tlv

I've enabled phone-proxy debugging and tls-proxy debugging and I don't see anything indicating an issue.  I've tried a CIPC phone and the result isn't any different.  I can successfully request a phone config file using a TFTP client on a computer.

Any ideas?
Thanks,
Fred Hunt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131024/98e006c1/attachment.html>

More information about the cisco-voip mailing list