Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
53-9
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 53 Configuring the TLS Proxy for Encrypted Voice Inspection
CTL Provider
Step 2 To add a new TLS Proxy Instance, click Add.
The Add TLS Proxy Instance Wizard opens.
Step 3 In the TLS Proxy Name field, type the TLS Proxy name.
Step 4 Click Next.
The Add TLS Proxy Instance Wizard – Server Configuration dialog box opens. In this step of the wizard,
configure the server proxy parameters for original TLS Server—the Cisco Unified Call Manager
(CUCM) server, the Cisco Unified Presence Server (CUPS), or the Cisco Unified Mobility Advantage
(CUMA) server. See Add TLS Proxy Instance Wizard – Server Configuration, page 53-9.
After configuring the server proxy parameters, the wizard guides you through configuring client proxy
parameters (see Add TLS Proxy Instance Wizard – Client Configuration, page 53-10) and provides
instructions on the steps to complete outside the ASDM to make the TLS Proxy fully functional (see Add
TLS Proxy Instance Wizard – Other Steps, page 53-12).
Modes
The following table shows the modes in which this feature is available:
Add TLS Proxy Instance Wizard – Server Configuration
Note This feature is not supported for the Adaptive Security Appliance version 8.1.2.
Use the Add TLS Proxy Instance Wizard to add a TLS Proxy to enable inspection of SSL encrypted VoIP
signaling, namely Skinny and SIP, interacting with Cisco Call Manager and to support the Cisco Unified
Communications features on the ASA.
The Add TLS Proxy Instance Wizard is available from the Configuration > Firewall > Unified
Communications > TLS Proxy pane.
Step 1 Complete the first step of the Add TLS Proxy Instance Wizard. See Adding a TLS Proxy Instance,
page 53-8.
The Add TLS Proxy Instance Wizard – Server Configuration dialog box opens.
Step 2 Specify the server proxy certificate by doing one of the following:
To add a new certificate, click Manage. The Manage Identify Certificates dialog box opens.
When the Phone Proxy is operating in a mixed-mode CUCM cluster, you must import the CUCM
certificate by clicking Add in the Manage Identify Certificates dialog box. See the “Configuring
Identity Certificates Authentication” section on page 44-16.
To select an existing certificate, select one from the drop-down list.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••