This document is meant to assist with configuring LSC provisioning on an Adaptive Security Appliance (ASA) running the Phone Proxy (PP) feature. It is meant specifically for the 7960 or 7940 phones which do not come with a Manufacturer Installed Certificate (MIC) and need to use a Locally Significant Certificate (LSC) to register securely with PP. This also assumes that you are running a nonsecure Cisco Unified Call Manager (CUCM).
Familiar with the ASA CLI
Familiar with the CUCM management interface
ASA and CUCM clocks are set to the correct time.
Ensure that you meet these requirements before you attempt this configuration:
The phone you are using is able to register on the inside of the ASA.
CUCM 6.x, 7.x, 8.0.x
ASA 8.0.4 or later with phone proxy configured.
Secure USB tokens are NOT required.
The steps for configuration are outlined below:
1) Configure CUCM to provision an LSC
Cisco Unified Serviceability > Tools > Service Activation
Select Cisco CTL Provider
Select Cisco Certificate Authority Proxy Function (CAPF)
2) Copy the CAPF Certificate from the CUCM
Cisco Unified OS Administrator
Security > Certificate Management > Find
Click on CAPF.pem
Download the CAPF.pem file
3) Create a trustpoint and import the certificate on the ASA
On the ASA CLI:
PhoneProxyASA(config)# crypto ca trustpoint capf_trustpoint