Hi as per document i can see that Cisco phone proxy . Without using vpn connect . Customer want to keep configured Cucm on there Jabber or cisco mobile on the iphone and need to get connected when ever they have an internet access .
And also by keeping a small end router at branches havin only one cisco phone needs to connect to the corprate office using proxy.
Is that possible and also is it possible on 8.6 cucm version . Here am just attaching a document info which says version supported
Cisco Unified Communications Manager
The following release of the Cisco Unified Communications Manager are supported with the phone proxy:
•Cisco Unified CallManager Version 4.x
•Cisco Unified CallManager Version 5.0
•Cisco Unified CallManager Version 5.1
•Cisco Unified Communications Manager 6.1
•Cisco Unified Communications Manager 7.0
Take a look here
I had one client that is running CUCM 8.0 and is using Phone Proxy but on this link in CUCM 8.0 the Phone Proxy feature does not appear. But if you look at version 7.X the Phone Proxy appears.
You can open a case on the PDI to see this.
Rate this if it helps you
Thanks leonardotadeu...so you mean that from 8.0 onwards phone proxy is not been supported. write.
For phone proxy to work the ASA must support the version of SCCP that the phones/CUCM are running. Whatever document you've referenced most likely doesn't list newer versiosn as phone proxy was a temporary bandaid until a native VPN solution was ready. Now that it is the BU has stopped testing phone proxy in new releases. As long as the ASA code supports the SCCP verision phone proxy remains viable though. Personally I feel it's a horrible "solution" and you should make every attempt to move your customers away from it.
Thanks Schulenberg....So you also sujest to avoid proxy and go for vpn.
If you don't mind, I have a few questions:
Why is it a horrible solution?
Is IP phone VPN to ASA via anyconnect better?
Has anyone confirmed if CUCM 8.x supports phone proxy?
I have a customer who is using it successfully with a CUCM version 8.6(2a) cluster, an active/standby ASA 5510 pair running 8.2(2) code and 7942 remote IP phones. So it works but I will admit that I do not like the fact that it is not listed as supported and I prefer the IP phone VPN solution so I recommend you go that route if possible. Cisco now just needs to come up with a way to allow users to provision the remote VPN phone without first registering it to the CUCM locally in my opinion. I hope this helps.
I read on other posts that, SCCP version on these phones has to be 8.5.2 or lower to work with CUCM 8.6(2)a with ASA Phone proxy? Can you tell me what version of the firmware you have on your 7942. We currenly have around 20+ 7965 phones currently on 7.1.3 CUCM and in the plans to migrate 8.6(2)a. Just wanted to avoid any surprises post migration
I do not have any specific technical reasons to give you at this time but I believe it is more secure and the set up of it is less kludgy than the phone proxy in my opinion. Plus it uses SSL VPN so you can troubleshoot the connection using a computer and if you already familiar with how to provision SSL VPN on an ASA then there is very little learning curve to configure a profile for phones to use.
My original rant from 2009 covered most of the arguments. One additional point I can think of is that it did not support tunneling of any HTTP traffic (e.g. Corporate Directory, Extension Mobility, etc). If you wanted those to work you would have to expose Tomcat to the Internet as well.
In short, it's a workaround facilitated by the ASA and should not be considered a real solution.
I understand the VPN solution is a good one, but we have already 100 proxy phones deployed and from what I read I'd need to first set up a VPN phone on the cluster before deploying it in the field. This would be difficult to do with users all over the country. Or am I missing something?
I have a question about our ASA though if anyone can answer it. We have to move from an ASA 5510 to a 5520 due to the 100 UC proxy-phone license limitation (even though we have 70 phones it appears that a UC license is taken up for each TFTP server configured on the phone - primary and secondary). When I configured the 5520 I can register new phones no problem. None of the existing phones will register until the CTL file is manually deleted on each phone. Is there a way to seamlessly migrate to the 5520? Such as using the same certs, CTL file etc.. on the 5520? When I configured it it generated it's own self-signed key and CTL file. I did import the certificates from CUCM...
I have implemented ASA UC proxy solution for my customer & also implemented for USA Customer . It is working fine .
Please let me know for any query . My email id is firstname.lastname@example.org
Thank You !