Which two statements describe security services that are provided by the Phone Proxy function on a Cisco ASA appliance? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.DE.
TLS Proxy is typically deployed in front of Cisco Unified Communications Manager and other unified communications application servers that utilize media encryption.
TLS Proxy is not designed to provide remote-access encryption services for remote phones or client endpoints.
Other solutions such as Cisco ASA Phone Proxy or IP Security/Secure Sockets Layer (IPsec/SSL) VPN services are more appropriate.
TLS Proxy is not designed to provide a secure campus soft phone solution where the requirement is to provide secure data to phone VLAN traversal or for proxying connections to Cisco Unified Communications Manager.
The Phone Proxy function on a Cisco ASA appliance is designed to provide security services for external IP phones that are connecting to an internal Cisco Unified Communications Manager (CUCM) cluster. Here are the two statements that describe the security services provided by the Phone Proxy function:
D. It provides a proxy of phone signaling, with optional use of NAT, to hide the Cisco Unified Communications Manager IP address from the public Internet. The Phone Proxy function provides a proxy for phone signaling, which means that it intercepts and relays signaling messages between external IP phones and the CUCM cluster. This allows the CUCM cluster to remain hidden from the public Internet, which helps to prevent attacks on the CUCM cluster. The Phone Proxy function can also optionally use Network Address Translation (NAT) to hide the IP addresses of the external IP phones from the public Internet.
C. It provides interworking to ensure that the external IP phone traffic is encrypted, as long as the Cisco Unified Communications Manager cluster runs in secure mode. The Phone Proxy function provides interworking between external IP phones and the CUCM cluster to ensure that phone traffic is encrypted. If the CUCM cluster is configured to run in secure mode, the Phone Proxy function will enforce encryption on all phone traffic that passes through it. This helps to prevent eavesdropping and unauthorized access to phone conversations.
The other statements in the answer choices are not accurate descriptions of the security services provided by the Phone Proxy function:
A. It is supported only on phones that use SCCP. This statement is not accurate. The Phone Proxy function can support both SCCP and SIP phones.
B. It is supported on an adaptive security appliance that runs in transparent mode. This statement is not accurate. The Phone Proxy function is supported on an adaptive security appliance that runs in routed mode.
E. It proxies phone media so that internal phones are not directly exposed to the Internet. This statement is not accurate. The Phone Proxy function only proxies phone signaling, not phone media. Phone media is typically handled by other devices, such as Cisco Unified Border Element (CUBE).
F. It supports IP phones that send phone proxy traffic through a VPN tunnel. This statement is not accurate. The Phone Proxy function does not support IP phones that send phone proxy traffic through a VPN tunnel.