Skip Links

Network World

Michael Morris

Cisco ASA IP Phone Proxy - My New BFF

By michaeljmorris on Sun, 06/07/09 - 9:01pm.

About six months ago we upgraded all of our global Cisco 3000-series VPN Concentrators to Cisco ASAs. A very smooth and nice upgrade for us that has provided a nice boost of per-user VPN performance (my download speeds from home via Cisco IPSec client on my laptop jumped from 2 Mbps to 8-9 Mbps).

As part of the purchase, our Cisco partner enticed us with some Cisco ASA IP Phone Proxy licenses. We've had it up and running for a couple months now and, after a recent ASA code upgrade, the IP Phone at my house has become my new best-friend-forever (BFF).



The ASA IP Phone Proxy works by tunneling IP Phone traffic via SSL to the ASA. The Cisco IP Phone runs TLS (SSL) itself and connects the ASA at the office. There is no Cisco home router or SOHO router at my house. Just a Cisco 7970 IP Phone manually configured with the ASA public IP as its TFTP server. The phone is connected to my home Linksys router; it DHCPs like any other device on my home network.


Photobucket

Once it reaches my corporate office, the ASA delivers the TFTP, signaling, and voice payload into the internal network (just like any other traffic). The IP Phone registers with the call manager and I have my office number at the house.


Photobucket

Now when someone calls my office number, it rings at the house. I can work from home without any difference from work and I don't have to mess with buggy softphones. I added a wireless headset to the phone and it's awesome. Outbound calls go via the ASA Proxy to our internal PSTN gateways so my home phone isn't tied up (wife love that). I also have my shortcuts for dialing internally.

Overall, this is a simple, kick-butt solution for mobile workers, executives, and contractors. It takes four things:

  1. a Cisco IP Phone
  2. an ASA VPN box
  3. an ASA TLS Proxy license
  4. a broadband connection

Hook it up and go!!

I am looking forward to rolling this out for our users.

More >From the Field blog entries:

Too Many IOS Versions, Something's Gotta Give Soon

(Network) Engineering a Merger

Applying Accounting Measures to Data Networking Financial Performance

Is RTP Becoming a Favored Location for Data Centers?

Next Round of CCDE Practical Results Coming Today

Today's Incredible International Submarine Cable Systems

  Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.

About From the Field

Michael Morris is a communications engineering manager at a $3-billion high-tech company. His background is in enterprise WANs working with telcos and developing large-scale routing designs. He has worked on networks at government and corporate organizations, including networks at two Fortune 10 companies. In his current role, he leads a team of 10 engineers responsible for large-scale IT networking projects and architectural standards for data networks, storage area networks, IP telephony, contact centers, and security. Michael is CCIE #11733 and recently became one of the first three Cisco Certified Design Experts (CCDE) ever (#20080002). He has 11 years experience in networking and communications, including four years as a paratrooper in the U.S. Army. He has a bachelor's degree in MIS from the University at Buffalo and is working on his MBA from NC State University. In 2008, he was awarded the Network Professional Association (NPA) Professional Excellence and Innovation Award for his work on network architecture, templates and enterprise MPLS design.

Contact him.

Michael Morris's From the Field blog is also featured on the Cisco Learning Network. See it there, along with the blogs of other Cisco Experts.

 

Most Discussed Posts