44-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 44 Configuring the TLS Proxy for Encrypted Voice Inspection
CTL Provider
The Add TLS Proxy Instance Wizard – Other Steps dialog box opens. The Other Steps dialog box
provides instructions on the steps to complete outside the ASDM to make the TLS Proxy fully functional
(see “Add TLS Proxy Instance Wizard – Other Steps” section on page 44-12).
Add TLS Proxy Instance Wizard – Other Steps
Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.
The last dialog box of the Add TLS Proxy Instance Wizard specifies the additional steps required to
make TLS Proxy fully functional. In particular, you need to perform the following tasks to complete the
TLS Proxy configuration:
• Export the local CA certificate or LDC Issuer and install it on the original TLS server.
To export the LDC Issuer, go to Configuration > Firewall > Advanced > Certificate Management >
Identity Certificates > Export. See the “Exporting an Identity Certificate” section on page 35-17.
• For the TLS Proxy, enable Skinny and SIP inspection between the TLS server and TLS clients. See
the “SIP Inspection” section on page 38-23 and the “Skinny (SCCP) Inspection” section on
page 38-36. When you configure the TLS Proxy for Presence Federation (which uses CUP),
enable only SIP inspection, because the feature supports only the SIP protocol.
• For the TLS Proxy for CUMA, enable MMP inspection.
• When using the internal Certificate Authority of the adaptive security appliance to sign the LDC
Issuer for TLS clients, perform the following:
– Use the Cisco CTL Client to add the server proxy certificate to the CTL file and install the CTL
file on the adaptive security appliance.
For information on the Cisco CTL Client, see “Configuring the Cisco CTL Client” in Cisco
Unified CallManager Security Guide.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/5_0_4/secuauth.html
To install the CTL file on the adaptive security appliance, go to Configuration > Firewall >
Unified Communications > CTL Provider > Add. The Add CTL Provider dialog box opens. For
information on using this dialog box to install the CTL file, see the “Add/Edit CTL Provider”
section on page 44-6.
– Create a CTL provider instance for connections from the CTL clients. See the “Add/Edit CTL
Provider” section on page 44-6.
Edit TLS Proxy Instance – Server Configuration
Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.
The TLS Proxy enables inspection of SSL-encrypted VoIP signaling (Skinny and SIP) that interacts
with Cisco Call Manager, and it supports the Cisco Unified Communications features on the adaptive
security appliance.