What is "Cisco STG" and why would it dynamically replace a wildcard certificate on port 5061?

It appears that someone couldn't spell phoneproxy correctly when they typed it in while setting it up.

Regardless, it's for CUCM's phone proxy feature on an ASDM firewall.

See here: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/unified_comm_phoneproxy.html

Here's the gist of it:

The Cisco Phone Proxy on the ASA bridges IP telephony between the corporate IP telephony network and the Internet in a secure manner by forcing data from remote phones on an untrusted network to be encrypted.

Basically, it appears that the user is getting held up on the firewall by this feature. The default port for the feature is 5061, and you'll likely find ACLs in the firewall for this port and feature setup.

As far as how to get around it or get rid of it, you can see here for a similar type of discussion: https://supportforums.cisco.com/discussion/11562066/jabber-vcs-control-issue-inbound-tls-negotiation-error but you'll need to make sure CUCM and this feature are no longer needed, remove the class mapping and the ACLs, and replace them with the proper ones for Lync to use 5061 instead.