Really all the phone is trusting is the locally stored CTL on the ASA with just the ASA cert in there. Since you're not using TLS to CUCM (non-secure cluster), you don't really need any CUCM certs on the ASA.
On Thu, Jul 7, 2016 at 5:14 AM, Abebe Amare <abu...@gmail.com> wrote: > Hi Brian, > > The cluster is in non-secure mode. From the ASA side, it looks like I have > to change only the CUCM address in the phone proxy configuration without > downloading the Certificates again. Is my assumption correct? > > regards, > > Abebe > > On Tue, Jul 5, 2016 at 10:55 PM, Erick Bergquist <erick...@gmail.com> > wrote: > >> Yea, I stumbled across the ASA guide mentioning it when I was trying >> to find something stating CUCM 8.6 and phone proxy wasn't supported. >> >> On Tue, Jul 5, 2016 at 12:17 PM, Brian Meade <bmead...@vt.edu> wrote: >> > I'm not so sure that was supposed to be added in there. Phone proxy >> never >> > supported the security by default features of CUCM which is why it went >> End >> > of Support with 8.x along with Phone VPN being launched. It looks like >> a >> > doc bug was made to add CUCM 8.0 support into the ASA config guide >> recently- >> > https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto66376 >> > >> > Security By Default features were never added to the ASA code that I >> know >> > of- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCti62447 >> > >> > On Tue, Jul 5, 2016 at 1:19 PM, Erick Bergquist <erick...@gmail.com> >> wrote: >> >> >> >> The ASA 9.x documentation has Call Manager 8.0.x listed in it's >> >> configuration guide for phone proxy. Just went through this recently >> >> working on a phone proxy issue. >> >> >> >> >> >> On Tue, Jul 5, 2016 at 10:58 AM, Brian Meade <bmead...@vt.edu> wrote: >> >> > Technically phone proxy isn't supported on 8.x either. It ended >> support >> >> > after 7.x and Phone VPN replaced it in 8.x. If you're just using >> >> > 7940/60s >> >> > and IP Communicator, it should work still though. >> >> > >> >> > Do you have a mixed mode CUCM cluster now or just doing non-secure >> >> > between >> >> > the ASA and CUCM? You can check the Cluster Security Mode under >> >> > System->Enterprise Parameters. >> >> > >> >> > You really will want to use Phone VPN or MRA with Expressway instead >> of >> >> > Phone VPN though as it's not supported by TAC unless on CUCM 7.x. >> >> > >> >> > On Tue, Jul 5, 2016 at 5:05 AM, Abebe Amare <abu...@gmail.com> >> wrote: >> >> >> >> >> >> I am on the planning process to migrate CUCM 8.5 cluster to 10.5(2) >> >> >> using >> >> >> PCD simple migration to minimize any change. Since Phone Proxy is >> not >> >> >> supported on CUCM 10.x, I am thinking to keep the 8.5 cluster but >> >> >> change the >> >> >> IP address. My question is this: >> >> >> >> >> >> 1. Do I have to enroll the certificate from CUCM to ASA when I >> change >> >> >> the >> >> >> IP address of CUCM 8.5? >> >> >> 2. What are other alternative features to phone proxy? >> >> >> >> >> >> best regards, >> >> >> >> >> >> Abebe >> >> >> >> >> >> _______________________________________________ >> >> >> cisco-voip mailing list >> >> >> cisco-voip@puck.nether.net >> >> >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> >> >> > >> >> > >> >> > _______________________________________________ >> >> > cisco-voip mailing list >> >> > cisco-voip@puck.nether.net >> >> > https://puck.nether.net/mailman/listinfo/cisco-voip >> >> > >> > >> > >> > >
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip