EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1326 background imageLoading...
Page #1326 background image
1-22
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
Step 3
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
For outbound connections, controls the TLS
handshake parameter for the cipher suite.
Where
cipher_suite includes des-sha1, 3des-sha1,
aes128-sha1, aes256-sha1, or null-sha1.
For client proxy (the proxy acts as a TLS client to
the server), the user-defined cipher suite replaces the
default cipher suite, or the one defined by the ssl
encryption command. Use this command to achieve
difference ciphers between the two TLS sessions.
You should use AES ciphers with the Cisco UCM
server.
Step 4
hostname(config-tlsp)# exit
Exits from the TLS proxy configuration mode.
Step 5
hostname(config)# tls-proxy proxy_name
Example:
hostname(config)# tls-proxy remote_to_local-ent
Create the TLS proxy for inbound connections.
Step 6
hostname(config-tlsp)# server trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# server trust-point local-ent
For inbound connections, specifies the proxy
trustpoint certificate presented during TLS
handshake. The certificate must be owned by the
adaptive security appliance (identity certificate).
Where proxy_trustpoint specifies the trustpoint
defined by the crypto ca trustpoint command in
Step 2 in “” section on page 1-12.
Because the TLS proxy has strict definition of client
proxy and server proxy, two TLS proxy instances
must be defined if either of the entities could initiate
the connection.
Step 7
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
For inbound connections, controls the TLS
handshake parameter for the cipher suite.
Where
cipher_suite includes des-sha1, 3des-sha1,
aes128-sha1, aes256-sha1, or null-sha1.
Step 8
hostname(config-tlsp)# exit
Exits from the TSL proxy configuration mode.
Step 9
hostname(config)# ssl encryption 3des-shal
aes128-shal [algorithms]
Specifies the encryption algorithms that the
SSL/TLS protocol uses. Specifying the 3des-shal
and aes128-shal is required. Specifying other
algorithms is optional.
Note The Cisco Intercompany Media Engine
Proxy requires that you use strong
encryption. You must specify this command
when the proxy is licensed using a K9
license.
Command Purpose

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals