Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2735
Views
0
Helpful
18
Replies

ASA Phone Proxy---Phone service and Directory buttons not work

jjia
Level 2
Level 2

‎02-25-2009 08:38 PM - edited ‎03-15-2019 04:28 PM

Hi,

Try to configure ASA8.0(4) phone proxy feature with Callmanager 6.1(x) as per the documentation http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/unified_comm.html#wp1144829

I assigned TFTP server ip address on the remote IP phone with ASA proxy address, and the remote IP Phone can successfully register to CallManager.

But from remote IP Phone, the phone directory and phone service button are not working:"Host not found". I think this is because the ip phone still get the phone service internal ip address of CallManager?

Or I missed something?

Thanks,

JJ

Labels:
0 Helpful
18 Replies 18

rfallara
Level 1
Level 1

‎02-14-2010 05:45 PM

Are you pointing directly at a cucm for the proxy server address? It should work if all the services are on that cucm but if you are trying to hit web services on other internal boxes the call manager wont proxy those requests, you need to point to a real web proxy server. I ended up setting up a squid proxy box and point all external phones to that and it was able to get there requests to the right box on the inside.

0 Helpful

redrobish
Level 1
Level 1
In response to rfallara

‎02-14-2010 06:00 PM

yep, I'm pointing to a CUCM address and i can see the URL from the external phone are all correct (same as the internal phones)

i.e. Directories URL:http://s.s.s.s/CCMCIP/xmldirectory.asp where the s.s.s.s = internal CUCM address

Just wondering, the ASA should be able to proxy this right? or should I add anything on the ASA?

Thanks

0 Helpful

Jon Nelson
Level 3
Level 3
In response to redrobish

‎02-14-2010 06:52 PM

Here is a sample of my working configuration for the Phone Proxy portion:

phone-proxy CUCM-PHONE-PROXY

media-termination mediaterm1

tftp-server address 10.1.1.1 interface inside

tftp-server address 10.2.1.1 interface outside

tls-proxy CUCM-TLS

cipc security-mode authenticated

ctl-file CUCM-CTL

proxy-server address 10.1.1.1 interface inside

I'm running 8.2.2 on the ASA in my lab and CUCM 7.1.3su1b.

I've changed the IP's, but it does work. The one drawback to this configuration is that all the information sent is sent in clear text, so if someone is sniffing traffic they could get logins, passwords, IP's, etc. This might be remedied in CUCM8 with secure services.

HTH

-Jon

0 Helpful

redrobish
Level 1
Level 1
In response to Jon Nelson

‎02-14-2010 07:43 PM

Hi Jon,

I've added the "tftp-server address x.x.x.x interface outside" on mine but still not working.

y.y.y.y = subscriber

z.z.z.z = publisher

x.x.x.x = external ip static to z.z.z.z (pubs)

here's mine:

phone-proxy CUCM-PHONE-PROXY

media-termination mediaterm1

tftp-server address z.z.z.z interface inside

tftp-server address x.x.x.x interface outside --just added

tls-proxy CUCM-TLS

cipc security-mode authenticated

ctl-file CUCM-CTL

proxy-server address z.z.z.z interface inside

Just noticed on the status of the phone the error:TFTP not authorized: y.y.y.y but the phone proxy is working (can make calls,etc.). Since I only declare one CUCM address on the ASA to utilize the 2 free license. Would this be an issue related to the EM?

btw, mine is 8.2.1, i'll upgrade to 8.2.2 then see if that improves.

Thanks

0 Helpful
Customers Also Viewed These Support Documents