Archive for June, 2009

Cisco ASA Phone Proxy Configuration

Sunday, June 21st, 2009

So, I am seeing a lot of Cisco phone proxy installs lately and thought I’d put together a quick cheat sheet for the configuration that you will see in 99% of your installs. This, of course, is the case where you are not encrypting voice on the internal side, so no fancy CAPF CTL to CM junk. The config is actually rather basic in this scenario (when you know what you are doing and understand the components involved).

Prerequisites:

  • ASA 8.0.4 code release
  • ASA already configured and working as basic firewall with inside and outside connectivity.
  • A minimum of 2 Global (external) IP addresses for this feature
  • Basic ASA configuration knowledge
  • Basic Cisco Communications Manager knowledge
  • > 2 working braincells

IP Configuration:

  • Internal CM address    192.168.1.1 (required)
  • Internal CM address    192.168.1.2 (optional)
  • External TFTP Address #1  1.1.1.1 (required)
  • External TFTP Address #2  2.2.2.2 (optional)
  • External Media Address 3.3.3.3 (required and must be dedicated to this feature)
  • External phones must be pointing to external TFTP IP address(es) as configured by ASA.

Config:

The configuration below includes the extra input as required. A show run will not show all of these commands, and will additionally show auto-generated configuration that is part of this config but not seen below (for more details, see prerequisites #4 and #6). Additionally, this config does not show you how to get the URL functions of the phone working (Enterprise Parameters setup in CM). That usually involves one of the following two configs: a reverse HTTP proxy to CM that you point the IP phones to (more secure, requires an HTTP reverse proxy server); or a pinhole in the ASA (port forward) that points the external address ports to the internal HTTP ports on the CM server (less secure).

So on to the ASA config…
