If what you are trying to do is not change the embedded IP address of the SIP messages, you just need to remove the SIP inspection. Regards, Luis Sandi .:|:.:|:. P.S Please mark this question as answered if it has been resolved. Do rate helpful posts. ... View more

Ven, I hope you are doing great, Can you confirm the TFTP options on the phone. Can you confirm if you download the ip phone configuration file if the phone have both call agents. Can you confirm if the database replication its OK? Can you provide an SDI at debugging level and SDL trace at the moment of the registration from both CUCM servers? Regards, Luis Sandi .:|:.:|:. P.S Please mark this question as answered if it has been resolved. Do rate helpful posts. ... View more

Well in that case I am glad everything its working now. ... View more

Michael, I hope you are doing great, I would like to confirm if you can post from the ASA the following information: debug sip debug sip ha Regards, Luis Sandi ... View more

Hello, By any chance can you send me the show run of your ASA? Regards, Luis Sandi ... View more

1. Do I configure these commands above on the ASA, then ASA generate the CTL file ? On the ASA you configure the flowing: ctl-file ctl_phoneproxy_file record-entry cucm-tftp trustpoint phoneproxy_trustpoint address (Public IP of CUCM)   record-entry capf trustpoint capf_trustpoint address (Public IP of CUCM) no shut When you do the no shutdown the ASA will write the CTL file on flash. 2. How to send this CTL file to the phone via tftp ? You need to point the IP phone to the public IP address you have configured to be the translation of the CUCM. 3. Also I think I need to enable IP phone VPN feature on the ASA beside the premium SSL VPN license Phone  VPN and Phone Proxy are different features and for the Phone Proxy feature you will have 2 licenses on your ASA that you can use to test up  to two remote phones. Here is the configuration example for ASA on version 8.0 https://supportforums.cisco.com/docs/DOC-5704 I hope this will be helpful. Regards, Luis Sandi ... View more

Peter, I hope you are doing great, I was trying to find any QoS configuration example with ASDM but I was unable to find it, I do apologize for that but I found the CLI configuration example: https://supportforums.cisco.com/docs/DOC-1230 Also I would like to remind you that the ASA can not perform QoS marking so you will need to mark the packets on the switch itself. When you have that if you do  have any questions feel free to post them here and we will help you. Regards, Luis Sandi ... View more

To configured the CTL file: ctl-file ctl_phoneproxy_file record-entry cucm-tftp trustpoint phoneproxy_trustpoint address (Public IP of CUCM)   record-entry capf trustpoint capf_trustpoint address (Public IP of CUCM) no shut With that you create the CTL file that will tell the phones wich call managers he can use. To configure the TLS proxy: tls-proxy ASA-tls-proxy server trust-point _internal_PP_ctl_phoneproxy_file The server trust point need this format: _internal_PP_(Name of CTL FILE) CAPF stands for Certificate Authority Proxy Function (This will be used to provision the LSC certificate to old phones like 7960 and 7940) For your deployment it will not be required which means that you do not need this line on the CTL file: record-entry capf trustpoint capf_trustpoint address (Public IP of CUCM) I hope this will be helpful. Regards, Luis Sandi ... View more

From the ASA point of view, there is no workaround, but in order to  decrease the network utilization on the phones/ASA bandwidth you can  actually configure the region on the phones to use g.729 on the call  manager, making the phones to use less bandwidth when they connect the  audio streams. I hope this will be helpful. Regards, Luis Sandi ... View more

Hi Sefeddine, Also I would like to confirm you that the SIP protocol  it is supported by the phone proxy feature you just need to configure  something like this: class-map sec_sip match port tcp eq 5061 policy-map voice_policy class sec_sip inspect sip phone-proxy ASA-phone-proxy That will make the phone work using SIP except: Cisco Unified IP Phone 7960 (SCCP protocol support only) Cisco Unified IP Phone 7940 (SCCP protocol support only) I hope this will be helpful. Regards, Luis Sandi ... View more

Gordon, I would like to let you knwo that the alternate TFTP server have to be configured on the phone itself by the user: Phone Configuration and Tasks To perform a soft-restart of the phone, press "* * # * *" from the "Settings" menu Setting the tftp-server To set the TFTP server on the phone, do the following Press the "Settings" button Choose "3 - Network Configuration" Press "* * #" to unlock the phone. You will see the lock icon in the upper right of the phone change to an unlocked symbol. Ensure that option "24 Alternate TFTP" (on older phones it might be option 32) is set to "YES" Set the correct TFTP server address under option "8 TFTP Server 1" Deleting the CTL file on the phone Press the "Settings" button Choose "6 - Security Configuration" Unlock the phone with "* * #" Choose "5 - CTL file" Press the "Erase" button Viewing the status messages on the phone Press the "Settings" button Choose "5 - Status" Choose "1 - Status Messages" I hope this will be helpful. Regards, Luis Sandi ... View more

Marin, I hope you are doing great, Also I would like to remind you that in order to verify if the ASA is dropping packets you can do a: capture asp-drop type asp-drop all and after that you can do: show capture asp-drop | include (ip address receiving the ICMP packets) I hope this will be helpful. Regards, Luis Sandi ... View more

Zach, I hope you are doing great, By any chance can you post the rotuer configuration, and also if you can provide a packet capture of the working and failling comunication that would be very helpful. Regards, Luis Sandi ... View more