Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Call manager 4.1.3 & Phone Proxy deployement

Hey guys,

We have CCM v4.1.3 and ASA 8.0(4) and are looking to implement (or attempt) Phone proxy/TLS proxy. Essentially we'd like to know if anyone has "successfully" deployed TLS proxy/phone proxy through the ASA v8 to CCM v4.1.3 or do we need to upgrade to a later version of CCM?

Any info, gotcha's etc much appreciated.

Pete

18 REPLIES
New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Ok we have deployed the config on to the ASA 8.0(4) hardware but the certificate install onto CCM4 is problematic. The documentation I am using for the config is using CCM6 and the options for installing the certificate are nowhere to be seen in CCM4.

Anyone configured this with CCM4 or am I wasting my time with this version of CCM?

Any help appreciated guys.

Pete

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

I'm in the same boat as you. Which documentation are you following?

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

I've been using the following white paper:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns165/ns391/white_paper_c11-493584.html

It's not specific to CCM 4 but I don't have much in the way of documentation for this specific setup from what I've searched thus far.

I've configured our test CUCM6 server and now have the issue with the CTL client install asking for a usb secure token, a token we don't actually have and have never created or requested.

I'l let you know if I get any further.

Pete

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

All,

Managed to get this document.Registered the phone in a simulated teleworker solution with our CCM production network.

Exploring additional features as of now.

regard

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

So did you get it to work with this document on cm 4 1 3

did you load any cert from cm 4 1 ?

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Got it working for CCM 5.1.2 and CCM 6.1.2

regards

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Pete

Dis you every get this working on CM 4 1 3 and ASA 8 04

I have woking on cm 7 but not 4 1 3

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

I'm afraid not. I got most of the way on CCM6 but nowhere on v4.1.3.

This has taken a back seat at the moment whilst we deploy MPLS with Juniper kit :(

I'll return to this hopefully over the coming weeks.

Pete

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Have this working in cm 4.1 AND VER 7

TO MAKE IT WORK ON cm VER 4.1 3 used the pem ca from CUCM ver 7

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

I am on the same situation, hopefully someone has done it on CM4.1(3).

BTW,

my ASA have an existing Ipsec VPN, will the adding of the Phone proxy works?

Thanks

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

CM 4.1.3 works with ASA 8 04 use this link http://supportwiki.cisco.com/ViewWiki/index.php/ASA_Phone_Proxy_sample_configuration_via_ASDM

and when it says to load files from cm 4 1 3

to create trustpoints

I used the same files from CUCM 7.0

Rate this post it works

step 7 from above doc

. It is necessary to load the Cisco Manufacturer CA certificates onto the firewall so that phones that use MIC certificates and the firewall can make a secure connection. Therefore, we'll create a trustpoint for each of the CA certificates CAP-RTP-001, CAP-RTP-002, and Cisco_Manufacturing_CA. These CA certificates can be downloaded from the Call Manager by doing the following (these steps might be different depending on the Call Manager version): I used the file that were on CUCM ver 7

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Hi solokalina,

Nice to hear that! but how can I grab the files from CUCM 7.0 when we don't have any of that version.

Can a copy from others will work?

Thanks

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Hi, I am trying to get phone proxy working with 4.2. I can find te Cisco_Manufacturing_CA but there is no CAP_RTP_001 and CAP_RTP_02 on our 4.2 CCM server. Are you saying I can use the certificates from another UCM such as Ver 6?

Thanks

David Stevens

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Hi solokalina,

hope you can give us a workaround on how to get CA certificates from the CM ver 7. We only have CM ver 4.1(3).

Can a copy from other ver 7 be working on our current ver (4.1)?

thanks

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

Hi experts,

I tried the phone proxy on our ASA. The phone already downloaded the CTL but somehow cannot get the config file from the CM.

debug phone-proxy tftp:

PP: opened 0x36c442fa

PP: y.y.y.y/49161 requesting SEP001E7EEEEEEE.cnf.xml.sgn

PP: Client outside:y.y.y.y/49161 retransmitting request for Config file SEP001E7EEEEEEE.cnf.xml.sgn

PP: opened 0x36c442fa

PP: y.y.y.y/49161 requesting SEP001E7EEEEEEE.cnf.xml.sgn

PP: Client outside:y.y.y.y/49161 retransmitting request for Config file SEP001E7EEEEEEE.cnf.xml.sgn

PP: opened 0x36c442fa

PP: y.y.y.y/49161 requesting SEP001E7EEEEEEE.cnf.xml.sgn

PP: Client outside:y.y.y.y/49161 retransmitting request for Config file SEP001E7EEEEEEE.cnf.xml.sgn

PP: opened 0x36c442fa

and the status message on the phone is:

TFTP not authorized

hopefully someone can help me out!

thanks

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

In same situation with 4.2. Wondering where to get the cert files from 7.0 (or 6) as you mention w/o it loaded anywhere.

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

I have mine working with 4.1(3). I only used the CiscoCA, CiscoRootCA2048 and CiscoManufacturingCA from my CM. I didn't get any cert files from 7.0 or 6.0, i'll work, just get it form your CM cert files...

hth

New Member

Re: Call manager 4.1.3 & Phone Proxy deployement

You can actually use the three certificates from the wiki document as they are manufacturer certificates meaning that they are not unique per install.

Or you can spelunk your system for The CiscoCA.pem file (CAP-RTP-001), one of the tokenized filenames ending in .0 ext (CAP-RTP-002), and either of the two CiscoManufacturingCA.pem or another of the tokenized filenames ending in the .0 ext is the third.

This works with CCM 4.2(3) fine though I wouldn't mind figuring out how to use http-proxy to beat the directory/services/information button issue.

Cheers

364
Views
4
Helpful
18
Replies