EasyManuals Logo

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1220 background imageLoading...
Page #1220 background image
1-22
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Command Purpose
Step 1
hostname(config)# crypto key generate rsa label
key-pair-label modulus size
Examples:
hostname(config)# crypto key generate rsa label
ldc_signer_key modulus 1024
hostname(config)# crypto key generate rsa label
phone_common modulus 1024
Creates the necessary RSA key pairs.
Where the
key-pair-label is the LDC signer key
and the key for the IP phones.
Step 2
hostname(config)# crypto ca trustpoint
trustpoint_name
Example:
hostname(config)# crypto ca trustpoint ldc_server
Creates an internal local CA to sign the LDC for
Cisco IP phones.
Where the trustpoint_name is for the LDC.
Step 3
hostname(config-ca-trustpoint)# enrollment self
Generates a self-signed certificate.
Step 4
hostname(config-ca-trustpoint)# proxy-ldc-issuer
Defines the local CA role for the trustpoint to issue
dynamic certificates for the TLS proxy.
Step 5
hostname(config-ca-trustpoint)# fqdn fqdn
Example:
hostname(config-ca-trustpoint)# fqdn
my_ldc_ca.example.com
Includes the indicated FQDN in the Subject
Alternative Name extension of the certificate during
enrollment.
Where the fqdn is for the LDC.
Step 6
hostname(config-ca-trustpoint)# subject-name
X.500_name
Example:
hostname(config-ca-trustpoint)# subject-name
cn=FW_LDC_SIGNER_172_23_45_200
Includes the indicated subject DN in the certificate
during enrollment
Where the X.500_name is for the LDC.
Use commas to separate attribute-value pairs. Insert
quotation marks around any value that contains
commas or spaces.
For example:
cn=crl,ou=certs,o="cisco systems, inc.",c=US
The maximum length is 500 characters.
Step 7
hostname(config-ca-trustpoint)# keypair keypair
Example:
hostname(config-ca-trustpoint)# keypair
ldc_signer_key
Specifies the key pair whose public key is to be
certified.
Where the keypair is for the LDC.
Step 8
hostname(config)# crypto ca enroll ldc_server
Example:
hostname(config)# crypto ca enroll ldc_server
Starts the enrollment process with the CA.
Step 9
hostname(config)# tls-proxy proxy_name
Example:
tls-proxy mytls
Creates the TLS proxy instance.
Step 10
hostname(config-tlsp)# server trust-point
_internal_PP_ctl-instance_filename
Example:
hostname(config-tlsp)# server trust-point
_internal_PP_myctl
Configures the server trustpoint and references the
internal trustpoint named
_internal_PP_ctl-instance_filename.
Step 11
hostname(config-tlsp)# client ldc issuer ca_tp_name
Example:
client ldc issuer ldc_server
Specifies the local CA trustpoint to issue client
dynamic certificates.
Step 12
hostname(config-tlsp)# client ldc keypair key_label
Example:
hostname(config-tlsp)# client ldc keypair
phone_common
Specifies the RSA keypair to be used by client
dynamic certificates.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
ModelASA 5505
InterfacesVaries by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High AvailabilityActive/Standby or Active/Active (varies by model)
Power SupplyVaries by model
Form FactorVaries by model
Operating SystemCisco ASA Software
IPsec VPNSupported
SSL VPNSupported
IPS ThroughputVaries by model

Related product manuals