Showing results for 
Search instead for 
Did you mean: 
Breeze Kuriakose

cisco phone proxy will support on cucm 8.6 or not

Hi as per document i can see that Cisco phone proxy . Without using vpn connect . Customer want to keep configured Cucm on there Jabber or cisco mobile on the iphone and need to get connected when ever they have an internet access .

And also by keeping a small end router at branches havin only one cisco phone needs to connect to the corprate office using proxy.

Is that possible and also is it possible on 8.6 cucm version . Here am just attaching a document info which says version supported

Supported Cisco UCM and IP Phones for the Phone Proxy

Cisco Unified Communications Manager

The following release of the Cisco Unified Communications Manager are supported with the phone proxy:

Cisco Unified CallManager Version 4.x

Cisco Unified CallManager Version 5.0

Cisco Unified CallManager Version 5.1

Cisco Unified Communications Manager 6.1

Cisco Unified Communications Manager 7.0

Breeze Joseph Kuriakose Sr Network Engineer
Leonardo Tadeu

Hello Breeze

Take a look here

I had one client that  is running CUCM 8.0 and is using Phone Proxy but on this link in CUCM 8.0 the Phone Proxy feature does not appear. But if you look at version 7.X the Phone Proxy appears.

You can open a case on the PDI to see this.

Rate this if it helps you


Thanks you mean that from 8.0 onwards phone proxy is not been supported. write.

Breeze Joseph Kuriakose Sr Network Engineer

For phone proxy to work the ASA must support the version of SCCP that the phones/CUCM are running. Whatever document you've referenced most likely doesn't list newer versiosn as phone proxy was a temporary bandaid until a native VPN solution was ready. Now that it is the BU has stopped testing phone proxy in new releases. As long as the ASA code supports the SCCP verision phone proxy remains viable though. Personally I feel it's a horrible "solution" and you should make every attempt to move your customers away from it.

I agree with you about this solution Jonathan thanks for the valuable info!

Thanks Schulenberg....So you also sujest to avoid proxy and go for vpn.

Breeze Joseph Kuriakose Sr Network Engineer

Hi Jonathan,

If you don't mind, I have a few questions:

Why is it a horrible solution?

Is IP phone VPN to ASA via anyconnect better?

Has anyone confirmed if CUCM 8.x supports phone proxy?


I have a customer who is using it successfully with a CUCM version 8.6(2a) cluster, an active/standby ASA 5510 pair running 8.2(2) code and 7942 remote IP phones. So it works but I will admit that I do not like the fact that it is not listed as supported and I prefer the IP phone VPN solution so I recommend you go that route if possible. Cisco now just needs to come up with a way to allow users to provision the remote VPN phone without first registering it to the CUCM locally in my opinion. I hope this helps.


I read on other posts that, SCCP version on these phones has to be 8.5.2 or lower to work with CUCM 8.6(2)a with ASA Phone proxy? Can you tell me what version of the firmware you have on your 7942. We currenly have around 20+ 7965 phones currently on 7.1.3 CUCM and in the plans to migrate 8.6(2)a. Just wanted to avoid any surprises post migration

Thanks!  Any more specifics on why the IP phone VPN solution is better?

I do not have any specific technical reasons to give you at this time but I believe it is more secure and the set up of it is less kludgy than the phone proxy in my opinion. Plus it uses SSL VPN so you can troubleshoot the connection using a computer and if you already familiar with how to provision SSL VPN on an ASA then there is very little learning curve to configure a profile for phones to use.

My original rant from 2009 covered most of the arguments. One additional point I can think of is that it did not support tunneling of any HTTP traffic (e.g. Corporate Directory, Extension Mobility, etc). If you wanted those to work you would have to expose Tomcat to the Internet as well.

In short, it's a workaround facilitated by the ASA and should not be considered a real solution.

Please remember to rate helpful responses and identify helpful or correct answers.

Agreed and spot on.

I understand the VPN solution is a good one, but we have already 100 proxy phones deployed and from what I read I'd need to first set up a VPN phone on the cluster before deploying it in the field. This would be difficult to do with users all over the country. Or am I missing something?

I have a question about our ASA though if anyone can answer it. We have to move from an ASA 5510 to a 5520 due to the 100 UC proxy-phone license limitation (even though we have 70 phones it appears that a UC license is taken up for each TFTP server configured on the phone - primary and secondary). When I configured the 5520 I can register new phones no problem. None of the existing phones will register until the CTL file is manually deleted on each phone. Is there a way to seamlessly migrate to the 5520? Such as using the same certs, CTL file etc.. on the 5520? When I configured it it generated it's own self-signed key and CTL file. I did import the certificates from CUCM...


I have implemented ASA UC proxy solution for my customer & also implemented for USA Customer . It is working fine .


Please let me know for any query . My email id is 


Thank You !


Recognize Your Peers
Content for Community-Ad