[cisco-voip] CUCM 10.5(2) ASA Phone Proxy

Brian Meade bmeade90 at vt.edu
Thu Jul 7 10:20:59 EDT 2016


Really all the phone is trusting is the locally stored CTL on the ASA with
just the ASA cert in there.  Since you're not using TLS to CUCM (non-secure
cluster), you don't really need any CUCM certs on the ASA.

On Thu, Jul 7, 2016 at 5:14 AM, Abebe Amare <abucho at gmail.com> wrote:

> Hi Brian,
>
> The cluster is in non-secure mode. From the ASA side, it looks like I have
> to change only the CUCM address in the phone proxy configuration without
> downloading the Certificates again. Is my assumption correct?
>
> regards,
>
> Abebe
>
> On Tue, Jul 5, 2016 at 10:55 PM, Erick Bergquist <erickbee at gmail.com> wrote:
>
>> Yea, I stumbled across the ASA guide mentioning it when I was trying
>> to find something stating CUCM 8.6 and phone proxy wasn't supported.
>>
>> On Tue, Jul 5, 2016 at 12:17 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>> > I'm not so sure that was supposed to be added in there.  Phone proxy never
>> > supported the security by default features of CUCM which is why it went End
>> > of Support with 8.x along with Phone VPN being launched.  It looks like a
>> > doc bug was made to add CUCM 8.0 support into the ASA config guide recently-
>> > https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto66376
>> >
>> > Security By Default features were never added to the ASA code that I know
>> > of- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCti62447
>> >
>> > On Tue, Jul 5, 2016 at 1:19 PM, Erick Bergquist <erickbee at gmail.com> wrote:
>> >>
>> >> The ASA 9.x documentation has Call Manager 8.0.x listed in its
>> >> configuration guide for phone proxy. Just went through this recently
>> >> working on a phone proxy issue.
>> >>
>> >>
>> >> On Tue, Jul 5, 2016 at 10:58 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>> >> > Technically phone proxy isn't supported on 8.x either.  It ended support
>> >> > after 7.x and Phone VPN replaced it in 8.x.  If you're just using 7940/60s
>> >> > and IP Communicator, it should work still though.
>> >> >
>> >> > Do you have a mixed mode CUCM cluster now or just doing non-secure between
>> >> > the ASA and CUCM?  You can check the Cluster Security Mode under
>> >> > System->Enterprise Parameters.
>> >> >
>> >> > You really will want to use Phone VPN or MRA with Expressway instead of
>> >> > Phone VPN though as it's not supported by TAC unless on CUCM 7.x.
>> >> >
>> >> > On Tue, Jul 5, 2016 at 5:05 AM, Abebe Amare <abucho at gmail.com> wrote:
>> >> >>
>> >> >> I am in the planning process to migrate CUCM 8.5 cluster to 10.5(2) using
>> >> >> PCD simple migration to minimize any change. Since Phone Proxy is not
>> >> >> supported on CUCM 10.x, I am thinking to keep the 8.5 cluster but change the
>> >> >> IP address. My question is this:
>> >> >>
>> >> >> 1. Do I have to enroll the certificate from CUCM to ASA when I change the
>> >> >> IP address of CUCM 8.5?
>> >> >> 2. What are other alternative features to phone proxy?
>> >> >>
>> >> >> best regards,
>> >> >>
>> >> >> Abebe
>> >> >>
>> >> >> _______________________________________________
>> >> >> cisco-voip mailing list
>> >> >> cisco-voip at puck.nether.net
>> >> >> https://puck.nether.net/mailman/listinfo/cisco-voip
>> >> >>
>> >> >
>> >> >
>> >> >
>> >
>> >
>>
>
>