I am just starting to look over the phone proxy configuration for the ASAs. I noticed one of the steps was to open TFTP access to the CM from the Internet. My question is what are the security ramifications to doing this and has anyone here addressed this in their environment?
Not sure where you read that you have to open the TFTP access to the CM from the internet.
Actually, what you need is to setup NAT on the ASA. So the ASA will translate an external IP to internal. Also, the connection between the ASA and the phone is going to be secure and so there is not much of a security issue there.
Using an access-list, permit inbound TFTP traffic to the tftp-server's global IP address. This is the only specific acl entry that needs to exist to allow the phone-proxy to work. The secured streams which terminate on the firewall will be permitted automatically by the firewall.
I would be sure to put the cluster in Mixed Mode and use TFTP encryption to protect the downloads. I would also make sure to throttle the connections allowed on the ASA to prevent a DoS against the TFTP server.
If you are a partner the AZTEC team has been working on a lab for this due out sometime in July. I would speak with your channels team so you can get some practice.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...