McDewey
/mcpPage 132
↗ View in doc contextReplacing ASA certificates results in non-availability of Unified Communications Manager. Note Procedure Step 1 Local configuration a) Configure network interface. Example: ciscoasa(config)# interface Ethernet0/0 ciscoasa(config-if)# nameif outside ciscoasa(config-if)# ip address 10.89.79.135 255.255.255.0 ciscoasa(config-if)# duplex auto ciscoasa(config-if)# speed auto ciscoasa(config-if)# no shutdown ciscoasa#show interface ip brief (shows interfaces summary) b) Configure static routes and default routes. ciscoasa(config)# route <interface_name> <ip_address> <netmask> <gateway_ip> Example: ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 10.89.79.129 c) Configure the DNS. Example: ciscoasa(config)# dns domain-lookup inside ciscoasa(config)# dns server-group DefaultDNS ciscoasa(config-dns-server-group)# name-server 10.1.1.5 192.168.1.67 209.165.201.6 Step 2 Generate and register the necessary certificates for Unified Communications Manager and ASA. Import the following certificates from the Unified Communications Manager. • CallManager - Authenticating the Cisco UCM during TLS handshake (Only required for mixed-mode clusters). • Cisco_Manufacturing_CA - Authenticating IP phones with a Manufacturer Installed Certificate (MIC). • CAPF - Authenticating IP phones with an LSC. To import these Unified Communications Manager certificates, do the following: a) From the Cisco Unified OS Administration, choose Security > Certificate Management. b) Locate the certificates Cisco_Manufacturing_CA and CAPF. Download the.pem file and save asa .txt file. c) Create trustpoint on the ASA. Example: ciscoasa(config)# crypto ca trustpoint trustpoint_name ciscoasa(ca-trustpoint)# enrollment terminal ciscoasa(config)# crypto ca authenticate trustpoint_name Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 90 Remote Network Access Configure ASA for VPN Client on IP Phone
