ASA license for Cisco IP Phone over VPN
Hi,
Are there special licenses required on the ASA to use Cisco IP Phones (Hard phone) over SSL VPN connection?
Thanks
Hi,
You can purchase the phone proxy license. This elimiates the need to build a VPN tunnel for voice traffic.
It is not mandatory to purchase this license however.
From the ASA configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/unified_comm_phoneproxy.html#wp1144845
"The Cisco Phone Proxy on the adaptive security appliance bridges IP telephony between the corporate IP telephony network and the Internet in a secure manner by forcing data from remote phones on an untrusted network to be encrypted. "
Don't forget to rate all posts that are helpful.
Similar Messages
-
Hi
I am trying to set up a anyconnect VPN for Cisco 9971, so that I can use it at home. the tunnel has up, I've tested it but Phone got the following error message:
11:56:11 Updating Trust List
11:56:11 Trust List updated
11:56:12 SEP0011111111.cnf.xml.sgn (HTTP)
11:56:13 VPN Error: VPN is not Configured.
12:14:40 Reset requested by CUCM
12:15:14 DNS Timeout
12:15:14 Updating Trust List
12:15:14 Trust List updated
12:15:15 SEP0011111111.cnf.xml.sgn (HTTP)
12:15:16 VPN Error: VPN is not Configured.
Any help would be appreciated.
By the way, this is a SIP phone.Hi,
You can purchase the phone proxy license. This elimiates the need to build a VPN tunnel for voice traffic.
It is not mandatory to purchase this license however.
From the ASA configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/unified_comm_phoneproxy.html#wp1144845
"The Cisco Phone Proxy on the adaptive security appliance bridges IP telephony between the corporate IP telephony network and the Internet in a secure manner by forcing data from remote phones on an untrusted network to be encrypted. "
Don't forget to rate all posts that are helpful. -
Hello friends!
I'm developing an application for Cisco IP Phones that whorks with JMF. Since there are some programmers in this forum that knows Cisco IP phones, I send my question here.
I was send succefully the XML message to phone (CiscoIPPhoneExecute), I was customized the paket's size to 160, etc. All works aparently. But audio stream does not reach to phone. Can anyone tell me why??
Below I write my source code.
Tanks!
Max.
import java.io.*;
import java.net.*;
import java.util.*;
import org.apache.xerces.impl.dv.util.Base64;
import javax.media.*;
import javax.media.control.*;
import javax.media.format.*;
import javax.media.protocol.*;
* @author Administrator
public class MMHTTPPost {
/** Creates a new instance of MMHTTPPost */
public MMHTTPPost() {
try {
* Envia el CiscoIPPhoneExecute al telefono
String xml = new String("<CiscoIPPhoneExecute>"+
"<ExecuteItem Priority=\"0\" URL=\"RTPRx:Stop\"/>"+"<ExecuteItem Priority=\"1\" URL=\"RTPRx:10.1.15.10:23480\"/>"+
"</CiscoIPPhoneExecute>");
String userId = "Max",
password = "12345",
basicAuth = "Basic ",
params = "XML=" + URLEncoder.encode(xml, "ISO-8859-1" );
byte[] bytes = params.getBytes();
// Create a URL pointing to the servlet or CGI script and open an HttpURLConnection on that URL
URL url = new URL( "http://10.1.15.56/CGI/Execute" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection();
// Indicate that you will be doing input and output, that the method is POST, and that the content
// length is the length of the byte array
con.setDoOutput( true );
con.setDoInput( true );
con.setRequestMethod( "POST" );
con.setRequestProperty( "Content-length", String.valueOf( bytes.length ) );
// Create the Basic Auth Header
Base64 encoder = new Base64();
basicAuth = (String)encoder.encode( ((String)(userId + ":" + password)).getBytes() );
System.out.println("Codificado: " + basicAuth);
con.setRequestProperty( "Authorization", "Basic " + basicAuth.trim() );
// Write the parameters to the URL output stream
OutputStream output = con.getOutputStream();
output.write( bytes );
output.flush();
// Read the response
BufferedReader input = new BufferedReader( new InputStreamReader( con.getInputStream() ) );
while ( true ) {
String line = input.readLine();
if ( line == null )
break;
System.out.println( line );
input.close();
output.close();
con.disconnect();
* Aca empieza la parte RTP/JMF
// Create a Processor for the selected file. Exit if the
// Processor cannot be created.
Processor processor = null;
try {
String mediaUrl = "file:\\C:\\pruebas execute\\spacemusic.au";
processor = Manager.createProcessor( new MediaLocator(mediaUrl));
} catch (IOException e){
System.out.println("Exception occured (1a): " + e);
} catch (NoProcessorException e){
System.out.println("Exception occured (1b): " + e);
// configure the processor
//processor.configure();
//Espera el estado Processor.Configured
boolean result = waitForState(processor, Processor.Configured);
if (result == false)
System.out.println("No se pudo configurar el procesador...");
// Block until the Processor has been configured
TrackControl track[] = processor.getTrackControls();
boolean encodingOk = false;
// Go through the tracks and try to program one of them to
// output ulaw data.
for (int i = 0; i < track.length; i++)
if (!encodingOk && track[i] instanceof FormatControl)
if (((FormatControl)track).setFormat( new AudioFormat(AudioFormat.ULAW_RTP,8000,8,1)) == null)
track[i].setEnabled(false);
else
encodingOk = true;
else
// we could not set this track to ulaw, so disable it
track[i].setEnabled(false);
*Aqu? se cambia el tama?o del paquete a 160
if (((TrackControl)track[i]).isEnabled()) {
try {
System.out.println("Cambiando la lista de codecs...");
Codec codec[] = new Codec[3];
codec[0] = new com.ibm.media.codec.audio.rc.RCModule();
codec[1] = new com.ibm.media.codec.audio.ulaw.JavaEncoder();
//codec[2] = new com.ibm.media.codec.audio.ulaw.Packetizer();
codec[2] = new com.sun.media.codec.audio.ulaw.Packetizer();
((com.sun.media.codec.audio.ulaw.Packetizer)codec[2]).setPacketSize(160);
((TrackControl)track[i]).setCodecChain(codec);
catch (Exception e){
System.out.println("Error al cambiar el tamano del paquete: " + e);
System.out.println("Encoding ok?: " + encodingOk );
// At this point, we have determined where we can send out
// ulaw data or not.
// realize the processor
if (encodingOk)
//processor.realize();
// block until realized.
// get the output datasource of the processor and exit
// if we fail
//Espera el estado Processor.Realized
result = waitForState(processor, Processor.Realized);
if (result == false)
System.out.println("No se pudo realizar el procesador...");
DataSource ds = null;
try
ds = processor.getDataOutput();
catch (NotRealizedError e)
System.out.println("Exception occured(2): "+e);
// hand this datasource to manager for creating an RTP
// datasink.
// our RTP datasink will multicast the audio
try
String mediaUrl= "rtp://10.1.15.56:23480/audio/1";
MediaLocator m = new MediaLocator(mediaUrl);
DataSink d = Manager.createDataSink(ds, m);
d.open();
d.start();
catch (Exception e)
System.out.println("Exception occured(3): "+e);
catch ( MalformedURLException murlex )
System.out.println( murlex );
catch ( IOException ioex )
System.out.println( ioex );
* @param args the command line arguments
public static void main(String[] args) {
new MMHTTPPost();
* Convenience methods to handle processor's state changes.
private Integer stateLock = new Integer(0);
private boolean failed = false;
Integer getStateLock() {
return stateLock;
void setFailed() {
failed = true;
private synchronized boolean waitForState(Processor p, int state) {
p.addControllerListener(new StateListener());
failed = false;
// Call the required method on the processor
if (state == Processor.Configured) {
p.configure();
} else if (state == Processor.Realized) {
p.realize();
// Wait until we get an event that confirms the
// success of the method, or a failure event.
// See StateListener inner class
while (p.getState() < state && !failed) {
synchronized (getStateLock()) {
try {
getStateLock().wait();
} catch (InterruptedException ie) {
return false;
if (failed)
return false;
else
return true;
* Inner Classes
class StateListener implements ControllerListener {
public void controllerUpdate(ControllerEvent ce) {
// If there was an error during configure or
// realize, the processor will be closed
if (ce instanceof ControllerClosedEvent)
setFailed();
// All controller events, send a notification
// to the waiting thread in waitForState method.
if (ce instanceof ControllerEvent) {
synchronized (getStateLock()) {
getStateLock().notifyAll();ignore my last post.. I didn't properly read the source code.
Anyway, I got g.711 streaming to work. I started out using the AVTransmit2 sample, but set the audio output format to what is used in the source code posted here. I've also applied the same codec chain described above, and that was it.
I could never get streaming to work using the first RTP streaming method described in the JMF Programmers guide (and this is the method used in the source posted above), but using the RTPManager, things work just fine. -
User License for Cisco CUCM 7.1.3
Hi
I need 30 unit license for Cisco Communication Manager 7.1. But I found that it's already end of sale.
I want the unit license part number for cisco cucm 7.1.3 version.
And i found revised part numbers for user license (CUCM-USR-LIC ) but those for 8,x versions. If i purchase that will it support in CUCM 7.1.3?
Thanks in advance.Hi,
CUCM 7 is already end of sale.
CUCM 7.1.5 supports UCL.If we refer the ordering guide of CUCM 8.5, you can get UCL licenses [Basic/essential].
http://www.cisco.com/web/partners/downloads/partner/WWChannels/technology/ipc/downloads/UC_8_6_OG.pdf
What I think if u place the order , you should get the licenses and at the backened, it would be DLU.
You can also speak to Cisco SE for further clarity.
regds,
aman -
Cisco 6807 and 6800ia Swtich QOS for Cisco ip phones
Does anyone have an example of configuring a 6800ia switch port connected to a 6807VSS parent for cisco ip phones qos. Normally we'd use auto qos voip but auto qos is not supported on 6800IA switches.
Cant find any cisco documentation of what the IA switches port config should look like for a cisco ip phone.
Any help would be appreciated.
Thanks,
DaveI'd leave QoS alone.
-
What to support for Cisco IP Phone 7912?
dear all. please help me!!!
I have a 7912 ip phone, and using Cisco CME in 1760, but I do not see this type 7912 ip phone telephony service there. whether it was true ip 7912 phone is not support for the Cisco 1760 CME. and whether support for the cisco 7912 ip phone? whether the telephony-service configuration is equal to the telephony-service configuration for the ip phone 7940?
please help me !!!Hi to all
Please I ned some advice , I was try to reset to factory defaults a Cisco IP Phone 7912 and I was failed .
Please can you help me ?
Thanks a lot !
Hugo Baez -
IP application for Cisco IP Phones - Banner Ad Rotator
Looking for an application to advertise on the Cisco IP Phones running Call Manager at a Hotel. Has anyone found anything or use a Banner Ad Rotator on the phones?
While the CCM simulator works for really simple things, you'll often find the need to access information available only on a real call-manager so running a virtual machine with a real system is preferable.
And once you have the app up and running on the IP Communicator (contact your Cisco ACM to get one), you need a physical phone to continue testing because there's a difference between the IP Communicator and physical phones and you need to make sure you have your app tested on the actual hardphone (preferably with the load that the customer uses though things have gotten a lot better in that area.. if the customer has a halfway up-to-date phone load then you should be fine). -
Generate Active load report for Cisco IP Phones
Hello All,
We have a cluster contains around 24,000 IP phones, and we have a migration very close so we want to get the report of the phones whichever running with the old phone firmware.
Our current active load should be : SCCP42.9-3-1SR2-1S
So please let me know, is there any way me to run a report and get the details of the active load for all the phones ?
Thanks.I believe the solutions below will address your concerns.
The PC that is daisy chained to the IP phone could capture the mac adresses by the attacker reading it physically on the IP phone and then set the pc network port to that mac address.The attacker could then configure its own verified MAC adress on a loopback interface, thus the PC would be able to access both its Data VLAN and the former IP Phones Voice VLAN.
And since the link between the Switch and the IP Phone acts like a trunk link VLAN hopping can occur.
********To prevent the end user from reading the mac address on the bottom of the phone, you could physically remove the mac label. To prevent the end user from seeing the mac via the phone display, you would disable the Setting access setting the in the phone configuration in call manager, which would prohibit access to the settings button on the phone.
Another attack vector would be a Cisco switch configured for CDP and configured with the same MAC address as either the IP Phone or the PC. The attacker could then gain ciritical information about the state of the Corporate switch. In order for this to work the switch would need to have STP disabled so no BPDU would get broadcasted.
***********In this scenario, you could leave stp enabled, but enable bpdu guard on the port, then if it receives any bpdus, it could place the port in err-disable state.*************
The final attack I can think of is that the PC launches a Double VLAN tagging assault by tagging its packet as the Voice VLAN and then encapsulating the desired attack VLAN inside than Voice VLAN tag.
*************To prevent double vlan tagging by the pc, you would disable the pc voice vlan for the phones within the call manager.***********
Hope this helps. -
User Guide for Cisco UC Phone 7937
Can anyone supply me with a URL for downloading a basic user's guide for the UC 7937 Phone?
Hello ttrovato 1,
Here are some links where you will be able to find the information about the conference ip phone 7937G.
Administration guide:
Link:http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cuipph/7937g/6_0/english/administration/guide/37adm60.pdf
Phone guide:
Link:http://www.msl.ubc.ca/sites/default/files/cisco-teleconference-phone-userguide.pdf
Latest Firmwares:
Link:https://software.cisco.com/download/release.html?mdfid=281433475&softwareid=282074289&release=1.4%285%29&relind=AVAILABLE&rellifecycle=&reltype=all
Specifications Overview:
Link: http://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-conference-station-7937g/model.html
Enjoy it.
Regards,
Gerson -
Forced Authorization Code For Cisco SIP Phone 3905
Hi Team,
Can i configure Cisco SIP Phone 3905 to use Forced Authorization Code ? I am using Call Manager 9.X.
Regards,
Praful SartapeHi Praful,
Yes you right for CME but for CUCM some sip phones supports FAC , as far as 3905 is concerned it supports FAC .
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/3905/8_6/english/admin_guide/IP05_BK_CDEEDD7F_00_admin-guide-3905_chapter_0101.html#IP05_RF_A5029279_00
I didnt find link for CUCM 9.x but that above link will help.
And also check this thread- https://supportforums.cisco.com/thread/2125452
Rate all the helpful post.
Thanks
Manish -
Contact Center Enhanced License for Cisco 2951 Router
Hi,
I need an urgent help to get the exact part number/details of Contact center enhanced license.
I couldn't find in CCW or any other tool about this license with Cisco 2951 Router (CISCO2951-V/K9).
To run this license on mentioned router, do we need to order it separately or we can take it with router?
Please respond asap.Hi Andre,
I was just refering the Ordering guide which says
Updating UCSS contract when upgrading Unified CCX licenses
UCSS cannot be upgraded from one category to another (e.g. Standard to Enhanced). If
the customer upgrades within the solution, they need to purchase UCSS for greater or
equal value to cover the new version, then they can request a credit on the unused term
of the original purchase from Customer Service
you can also speak to [email protected] for more details on ESW.
regds,
aman -
Security License for Cisco 3900 Series
Hi,
I am having Security License (SL-39-SEC-K9) for Cisco 3900 Series router, Can somebody help me to provide sample config to configure 3945 router to act as firewall. Is there any difference with the native IOS based firewall config..
Regards,
MukeshHere is a detailed instruction on ISR G2 licensing (including downloading, installing, rehosting license, etc.).
Usually, you just need to go to cisco.com/go/license, enter PAK and follow detailed instructions.
HTH
Alexandr -
HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone
Hellow all!
I'm want use port-security for ports on my HP 3800. But PC connected
to network via PC port on Cisco ip phone. For phone used 10 voice VLAN,
for data - 1 VLAN (native). Cisco phone add self mac-address in these
two VLAN. On Cisco Switch 2960 i resolve this for 4 command:
switchport port-security maximum 3
switchport port-security mac-address pc_mac
switchport port-security mac-address ip_phone_mac
switchport port-security mac-address ip_phone_mac vlan voice
How i can add one mac in two VLAN's on HP 3800 Switch?
Sorry for my English, please ^_^
This topic first appeared in the Spiceworks CommunityHi Kuarzo, please reference the following;
https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300 -
Recording for Cisco IP Phones and Cisco C90 Codec
Hello
We are looking for a solution that is capable to record both Cisco IP Phones and Cisco Codec C90.
We are using CUCM 9.X for IP Phones and VCS 7.X for Cisco Codecs.
Is their any third party solution available for both the requirements or do i have to go with TCS and any other third party recording solution.
Thanks & Regards
Aniket PatilMy reply may be too late to be of any help to you, but for the benefit of others:
Be sure you understand the different types of PoE out there. The Linksys PoE switch only supports the newer IEEE 802.3af PoE standard.
The 7940, 7960, 7905 and other older Cisco phones only support Cisco pre-standard PoE and thus will not work with the 802.3af Linksys Switch.
To use this switch, you will need to make sure you are using the newer 7070, 7961, 7941 phones with support both pre-standard and 802.3af PoE.
All the best,
John -
Problem with IP phone over VPN
| UC520 | ------------------------ | 861 |
| |
LAN LAN
Scenario:
UC520 box is at HQ and serving as a EZVPN server and 861 at branch as a EZVPN client. There is no problem with VPN i can communicate with HQ network. My ip phone get registered but facing these problems.
1) Dialling out and in OK
2) Connects OK after picking up
3) NO sound either way
4) Cannot end call from this side. End call button does not work
5) When other end hangs up - message "UCM down, features disabled". Then phone registers again.
Identical symptoms for both softphone and 7941.This document provides a sample configuration for Quality of Service (QoS) for Voice over IP (VoIP) traffic on VPN tunnels that terminate on the PIX/ASA Security Appliances.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
Maybe you are looking for
-
Creative cloud installer application won't initialize installer
I first noticed this issue when I tried to update the creative cloud for desktop application. Whenever I would choose to update the actual CC application, it would bring up a progress bar window title that would say "Initializing Installer" and freez
-
I never have problems with Firefox before. I usually don't put my Mac on sleep mode but I did do that last night. I don't know if that caused the problem or not. I tried to restart my computer thinking that might help but it didn't.
-
Mavericks not showing up in Purchases tab
For some reason, whenever I download Mavericks (which has been multiple times), it doesn't show up in my purchases tab. It simply says that I haven't yet bought any apps. Is there a reason for this, or does it even matter? I'd like it to show up just
-
Hi all and specially the iChat Apple people here. I've bought a Mac Mini last weekend and i'm already disappointed. iWeb makes images too big (replacement any old webdesigh tools), Safari works with only 50% of the sites (alternative Firefox), iChat
-
I have a web dynpro application opens an interactive form and once a user fills it out it creates an activity on the crm backend. That works fine. What I'd like to do is take the adobe form and attach it to the newly created activity. I am able to at