[cisco-voip] CUCM 10.5(2) ASA Phone Proxy

Abebe Amare abucho at gmail.com
Fri Jul 8 03:08:58 EDT 2016


Hi Brian,

Thanks for the invaluable support.

regards,

Abebe

On Thu, Jul 7, 2016 at 5:20 PM, Brian Meade <bmeade90 at vt.edu> wrote:

> Really all the phone is trusting is the locally stored CTL on the ASA with
> just the ASA cert in there.  Since you're not using TLS to CUCM (non-secure
> cluster), you don't really need any CUCM certs on the ASA.
>
> On Thu, Jul 7, 2016 at 5:14 AM, Abebe Amare <abucho at gmail.com> wrote:
>
>> Hi Brian,
>>
>> The cluster is in non-secure mode. From the ASA side, it looks like I
>> have to change only the CUCM address in the phone proxy configuration
>> without downloading the Certificates again. Is my assumption correct?
>>
>> regards,
>>
>> Abebe
>>
>> On Tue, Jul 5, 2016 at 10:55 PM, Erick Bergquist <erickbee at gmail.com>
>> wrote:
>>
>>> Yea, I stumbled across the ASA guide mentioning it when I was trying
>>> to find something stating CUCM 8.6 and phone proxy wasn't supported.
>>>
>>> On Tue, Jul 5, 2016 at 12:17 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>>> > I'm not so sure that was supposed to be added in there.  Phone proxy
>>> never
>>> > supported the security by default features of CUCM which is why it
>>> went End
>>> > of Support with 8.x along with Phone VPN being launched.  It looks
>>> like a
>>> > doc bug was made to add CUCM 8.0 support into the ASA config guide
>>> recently-
>>> > https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto66376
>>> >
>>> > Security By Default features were never added to the ASA code that I
>>> know
>>> > of- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCti62447
>>> >
>>> > On Tue, Jul 5, 2016 at 1:19 PM, Erick Bergquist <erickbee at gmail.com>
>>> wrote:
>>> >>
>>> >> The ASA 9.x documentation has Call Manager 8.0.x listed in it's
>>> >> configuration guide for phone proxy. Just went through this recently
>>> >> working on a phone proxy issue.
>>> >>
>>> >>
>>> >> On Tue, Jul 5, 2016 at 10:58 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>>> >> > Technically phone proxy isn't supported on 8.x either.  It ended
>>> support
>>> >> > after 7.x and Phone VPN replaced it in 8.x.  If you're just using
>>> >> > 7940/60s
>>> >> > and IP Communicator, it should work still though.
>>> >> >
>>> >> > Do you have a mixed mode CUCM cluster now or just doing non-secure
>>> >> > between
>>> >> > the ASA and CUCM?  You can check the Cluster Security Mode under
>>> >> > System->Enterprise Parameters.
>>> >> >
>>> >> > You really will want to use Phone VPN or MRA with Expressway
>>> instead of
>>> >> > Phone VPN though as it's not supported by TAC unless on CUCM 7.x.
>>> >> >
>>> >> > On Tue, Jul 5, 2016 at 5:05 AM, Abebe Amare <abucho at gmail.com>
>>> wrote:
>>> >> >>
>>> >> >> I am on the planning process to migrate CUCM 8.5 cluster to 10.5(2)
>>> >> >> using
>>> >> >> PCD simple migration to minimize any change. Since Phone Proxy is
>>> not
>>> >> >> supported on CUCM 10.x, I am thinking to keep the 8.5 cluster but
>>> >> >> change the
>>> >> >> IP address. My question is this:
>>> >> >>
>>> >> >> 1. Do I have to enroll the certificate from CUCM to ASA when I
>>> change
>>> >> >> the
>>> >> >> IP address of CUCM 8.5?
>>> >> >> 2. What are other alternative features to phone proxy?
>>> >> >>
>>> >> >> best regards,
>>> >> >>
>>> >> >> Abebe
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> cisco-voip mailing list
>>> >> >> cisco-voip at puck.nether.net
>>> >> >> https://puck.nether.net/mailman/listinfo/cisco-voip
>>> >> >>
>>> >> >
>>> >> >
>>> >> > _______________________________________________
>>> >> > cisco-voip mailing list
>>> >> > cisco-voip at puck.nether.net
>>> >> > https://puck.nether.net/mailman/listinfo/cisco-voip
>>> >> >
>>> >
>>> >
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160708/d41b499e/attachment.html>


More information about the cisco-voip mailing list