<div dir="ltr">Really all the phone is trusting is the locally stored CTL on the ASA with just the ASA cert in there. Since you're not using TLS to CUCM (non-secure cluster), you don't really need any CUCM certs on the ASA.</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 7, 2016 at 5:14 AM, Abebe Amare <span dir="ltr"><<a href="mailto:abucho@gmail.com" target="_blank">abucho@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Brian,<div><br></div><div>The cluster is in non-secure mode. From the ASA side, it looks like I have to change only the CUCM address in the phone proxy configuration without downloading the Certificates again. Is my assumption correct?</div><div><br></div><div>regards,</div><div><br></div><div>Abebe</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 5, 2016 at 10:55 PM, Erick Bergquist <span dir="ltr"><<a href="mailto:erickbee@gmail.com" target="_blank">erickbee@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Yea, I stumbled across the ASA guide mentioning it when I was trying<br>
to find something stating CUCM 8.6 and phone proxy wasn't supported.<br>
<div><div><br>
On Tue, Jul 5, 2016 at 12:17 PM, Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>> wrote:<br>
> I'm not so sure that was supposed to be added in there. Phone proxy never<br>
> supported the security by default features of CUCM which is why it went End<br>
> of Support with 8.x along with Phone VPN being launched. It looks like a<br>
> doc bug was made to add CUCM 8.0 support into the ASA config guide recently-<br>
> <a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto66376" rel="noreferrer" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto66376</a><br>
><br>
> Security By Default features were never added to the ASA code that I know<br>
> of- <a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCti62447" rel="noreferrer" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCti62447</a><br>
><br>
> On Tue, Jul 5, 2016 at 1:19 PM, Erick Bergquist <<a href="mailto:erickbee@gmail.com" target="_blank">erickbee@gmail.com</a>> wrote:<br>
>><br>
>> The ASA 9.x documentation has Call Manager 8.0.x listed in it's<br>
>> configuration guide for phone proxy. Just went through this recently<br>
>> working on a phone proxy issue.<br>
>><br>
>><br>
>> On Tue, Jul 5, 2016 at 10:58 AM, Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>> wrote:<br>
>> > Technically phone proxy isn't supported on 8.x either. It ended support<br>
>> > after 7.x and Phone VPN replaced it in 8.x. If you're just using<br>
>> > 7940/60s<br>
>> > and IP Communicator, it should work still though.<br>
>> ><br>
>> > Do you have a mixed mode CUCM cluster now or just doing non-secure<br>
>> > between<br>
>> > the ASA and CUCM? You can check the Cluster Security Mode under<br>
>> > System->Enterprise Parameters.<br>
>> ><br>
>> > You really will want to use Phone VPN or MRA with Expressway instead of<br>
>> > Phone VPN though as it's not supported by TAC unless on CUCM 7.x.<br>
>> ><br>
>> > On Tue, Jul 5, 2016 at 5:05 AM, Abebe Amare <<a href="mailto:abucho@gmail.com" target="_blank">abucho@gmail.com</a>> wrote:<br>
>> >><br>
>> >> I am on the planning process to migrate CUCM 8.5 cluster to 10.5(2)<br>
>> >> using<br>
>> >> PCD simple migration to minimize any change. Since Phone Proxy is not<br>
>> >> supported on CUCM 10.x, I am thinking to keep the 8.5 cluster but<br>
>> >> change the<br>
>> >> IP address. My question is this:<br>
>> >><br>
>> >> 1. Do I have to enroll the certificate from CUCM to ASA when I change<br>
>> >> the<br>
>> >> IP address of CUCM 8.5?<br>
>> >> 2. What are other alternative features to phone proxy?<br>
>> >><br>
>> >> best regards,<br>
>> >><br>
>> >> Abebe<br>
>> >><br>
>> >> _______________________________________________<br>
>> >> cisco-voip mailing list<br>
>> >> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
>> >> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
>> >><br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > cisco-voip mailing list<br>
>> > <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
>> > <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
>> ><br>
><br>
><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>