02-25-2009 08:38 PM - edited 03-15-2019 04:28 PM
Hi,
Try to configure ASA8.0(4) phone proxy feature with Callmanager 6.1(x) as per the documentation http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/unified_comm.html#wp1144829
I assigned TFTP server ip address on the remote IP phone with ASA proxy address, and the remote IP Phone can successfully register to CallManager.
But from remote IP Phone, the phone directory and phone service button are not working:"Host not found". I think this is because the ip phone still get the phone service internal ip address of CallManager?
Or I missed something?
Thanks,
JJ
02-14-2010 05:45 PM
Are you pointing directly at a cucm for the proxy server address? It should work if all the services are on that cucm but if you are trying to hit web services on other internal boxes the call manager wont proxy those requests, you need to point to a real web proxy server. I ended up setting up a squid proxy box and point all external phones to that and it was able to get there requests to the right box on the inside.
02-14-2010 06:00 PM
yep, I'm pointing to a CUCM address and i can see the URL from the external phone are all correct (same as the internal phones)
i.e. Directories URL:http://s.s.s.s/CCMCIP/xmldirectory.asp where the s.s.s.s = internal CUCM address
Just wondering, the ASA should be able to proxy this right? or should I add anything on the ASA?
Thanks
02-14-2010 06:52 PM
Here is a sample of my working configuration for the Phone Proxy portion:
phone-proxy CUCM-PHONE-PROXY
media-termination mediaterm1
tftp-server address 10.1.1.1 interface inside
tftp-server address 10.2.1.1 interface outside
tls-proxy CUCM-TLS
cipc security-mode authenticated
ctl-file CUCM-CTL
proxy-server address 10.1.1.1 interface inside
I'm running 8.2.2 on the ASA in my lab and CUCM 7.1.3su1b.
I've changed the IP's, but it does work. The one drawback to this configuration is that all the information sent is sent in clear text, so if someone is sniffing traffic they could get logins, passwords, IP's, etc. This might be remedied in CUCM8 with secure services.
HTH
-Jon
02-14-2010 07:43 PM
Hi Jon,
I've added the "tftp-server address x.x.x.x interface outside" on mine but still not working.
y.y.y.y = subscriber
z.z.z.z = publisher
x.x.x.x = external ip static to z.z.z.z (pubs)
here's mine:
phone-proxy CUCM-PHONE-PROXY
media-termination mediaterm1
tftp-server address z.z.z.z interface inside
tftp-server address x.x.x.x interface outside --just added
tls-proxy CUCM-TLS
cipc security-mode authenticated
ctl-file CUCM-CTL
proxy-server address z.z.z.z interface inside
Just noticed on the status of the phone the error:TFTP not authorized: y.y.y.y but the phone proxy is working (can make calls,etc.). Since I only declare one CUCM address on the ASA to utilize the 2 free license. Would this be an issue related to the EM?
btw, mine is 8.2.1, i'll upgrade to 8.2.2 then see if that improves.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide