ASA Phone Proxy as Replacement for Sipera
Appia is migrating remote phone users on Chicago based Callmanagers to ASA Phone Proxy as a replacement for the Sipera system. This document explains how to convert a phone / set up a new phone and troubleshoot remote phone registration.
There are two ASA clusters dedicated to the Phone Proxy function. Details are below:
Remote Phone TFTP Setting
No configuration is necessary on the ASA cluster, only the phone configuration in Callmanager and the phone itself need updating. Configuration steps below assume a working phone. For new phones, add the device as normal, then follow the steps below.
- Navigate to the phone, and scroll down to the section labeled Certification Authority Proxy Function (CAPF) Information
- Change the Certificate Operation field to Install / Upgrade, Authentication Mode to By Authentication String, and enter 1234 in the Authentication String field. Save your changes and reset the phone.
- Click on the Settings button on the phone and select Network Configuration. If the menu shows IPv4 Configuration, select that option.
- Enter **# on the phone keypad. The lock icon in the top right corner of the screen should open. Scroll through the settings until you see the Alternate TFTP option. This should be set to Yes. Change the setting as necessary.
- Scroll up until you see the TFTP Server 1 setting. Click the Edit softkey and change to 18.104.22.168 for CHI-CM1 or 22.214.171.124 for CHI-CM2. Press the Validate softkey when finished, then press the Save softkey.
- When the phone finishes rebooting, click on the Settings button on the phone and select Security Configuration. You may need to scroll down to find this setting.
- Scroll down to LSC and click the Update softkey. Enter 1234 as the Authorization String, then click Submit. You should see LSC Pending. When that changes to LSC Installed, press **#** on the keypad to reboot the phone if it does not reboot on its own. When the phone finishes rebooting, it should be ready to use.
Below are some common commands that can be run on the ASA to diagnose issues.
Show phone-proxy secure-phones
This command shows phones registered with the ASA phone proxy. Sample output is listed below:
ASA-phone-proxy: 2 in use, 2 most used
Interface IP Address Port MAC Timeout Idle
Outside 126.96.36.199 50706 0024.c4be.4577 0:05:00 0:00:11
Outside 188.8.131.52 50409 000d.299d.5416 0:05:00 0:00:13
Note the port number column – if the port shown is zero (0) the phone is registered through the ASA but is not using the proxy and will not work properly. This is usually shown before the LSC is updated on the phone.
Show phone-proxy media-sessions
This command shows media sessions for calls in progress. Note that the ASA anchors the media for both the proxied phone and the other party.
2 in use, 2 most used
Media-session: 184.108.40.206/31862 :: client ip 220.127.116.11/21284
Lcl SRTP conn 18.104.22.168/31862 to 22.214.171.124/19482 tx_pkts 1449 rx_pkts 1450
Media-session: 126.96.36.199/31790 :: client ip 188.8.131.52/19482
Lcl RTP conn 184.108.40.206/31790 to 220.127.116.11/21284 tx_pkts 1450 rx_pkts 1452
Debug phone-proxy tftp
This debug command will show the download of configuration and phone firmware files as well as the rewrites done on the Callmanager server IP addresses. Please escalate to engineering if you need this level of detail.