Cisco ASA Series Firewall CLI Configuration Guide, Chapter 16: Configuring the Cisco Phone Proxy (Configuring the Phone Proxy), page 16-21
Step 1
Command: hostname(config)# tls-proxy proxy_name
Example: tls-proxy mytls
Purpose: Creates the TLS proxy instance.

Step 2
Command: hostname(config-tlsp)# server trust-point _internal_PP_ctl-instance_filename
Example: server trust-point _internal_PP_myctl
Purpose: Configures the server trustpoint and references the internal trustpoint named _internal_PP_ctl-instance_filename.

What to Do Next
Once you have created the TLS proxy instance, create the phone proxy instance. See Creating the Phone Proxy Instance, page 16-24.

Creating the TLS Proxy for a Mixed-mode Cisco UCM Cluster
In a mixed-mode cluster, some IP phones might already be configured for encrypted signaling, which requires TLS to the Cisco UCM. You must therefore configure the LDC issuer for the TLS proxy.
Step 1
Command: hostname(config)# crypto key generate rsa label key-pair-label modulus size
Examples:
hostname(config)# crypto key generate rsa label ldc_signer_key modulus 1024
hostname(config)# crypto key generate rsa label phone_common modulus 1024
Purpose: Creates the necessary RSA key pairs, where key-pair-label names the LDC signer key and the key for the IP phones.

Step 2
Command: hostname(config)# crypto ca trustpoint trustpoint_name
Example: hostname(config)# crypto ca trustpoint ldc_server
Purpose: Creates an internal local CA to sign the LDC for Cisco IP phones, where trustpoint_name is the trustpoint for the LDC.

Step 3
Command: hostname(config-ca-trustpoint)# enrollment self
Purpose: Generates a self-signed certificate.

Step 4
Command: hostname(config-ca-trustpoint)# proxy-ldc-issuer
Purpose: Defines the local CA role for the trustpoint to issue dynamic certificates for the TLS proxy.

Step 5
Command: hostname(config-ca-trustpoint)# fqdn fqdn
Example: hostname(config-ca-trustpoint)# fqdn my-ldc-ca.example.com
Purpose: Includes the indicated FQDN in the Subject Alternative Name extension of the certificate during enrollment, where fqdn is the FQDN of the LDC.
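The following is an added example, not code from the Cisco guide, that audits a configuration script assembled from the steps above before it is applied to the ASA. It assumes the script is a plain text file holding the commands from these tables with sub-mode commands indented by one space (the layout show running-config uses); it checks that every trustpoint marked proxy-ldc-issuer also has enrollment self and an fqdn, that each tls-proxy references an _internal_PP_ server trustpoint, and it flags RSA key pairs generated with a modulus below a threshold. The 2048-bit threshold and the sample script are the auditor's own assumptions; the guide's examples use modulus 1024.

```python
"""Pre-apply audit for the ASA phone-proxy TLS proxy / LDC issuer steps."""
import re

# Constructed sample: the commands from the procedure, written as a config
# script with the one-space sub-mode indentation that show running-config uses.
SAMPLE_SCRIPT = """\
crypto key generate rsa label ldc_signer_key modulus 1024
crypto key generate rsa label phone_common modulus 1024
crypto ca trustpoint ldc_server
 enrollment self
 proxy-ldc-issuer
 fqdn my-ldc-ca.example.com
tls-proxy mytls
 server trust-point _internal_PP_myctl
"""

# Auditor's threshold (assumption, not a value from the guide).
MIN_RSA_MODULUS = 2048


def parse_blocks(text):
    """Split a config script into top-level commands and their sub-commands.

    Returns (top, blocks): `top` is the ordered list of top-level command
    lines; `blocks` maps each mode-entering line (e.g. 'tls-proxy mytls')
    to the list of indented sub-commands that follow it.
    """
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and comments
        if raw.startswith(" "):
            if current is None:
                raise ValueError(f"sub-command outside a mode: {raw.strip()!r}")
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks.setdefault(current, [])
    return top, blocks


def audit(text, min_modulus=MIN_RSA_MODULUS):
    """Return a list of findings; an empty list means the script passed."""
    top, blocks = parse_blocks(text)
    findings = []

    # Key generation is a one-shot command; check the modulus it asks for.
    for line in top:
        m = re.match(r"crypto key generate rsa label (\S+) modulus (\d+)$", line)
        if m and int(m.group(2)) < min_modulus:
            findings.append(
                f"WARN key {m.group(1)}: modulus {m.group(2)} is below {min_modulus}")

    for head, subs in blocks.items():
        name = head.split()[-1]
        if head.startswith("crypto ca trustpoint ") and "proxy-ldc-issuer" in subs:
            # An LDC issuer must be self-enrolled and carry the LDC FQDN.
            if "enrollment self" not in subs:
                findings.append(
                    f"FAIL trustpoint {name}: proxy-ldc-issuer without 'enrollment self'")
            if not any(s.startswith("fqdn ") for s in subs):
                findings.append(f"FAIL trustpoint {name}: no fqdn configured for the LDC")
        elif head.startswith("tls-proxy "):
            # The server side of the proxy must reference the internal CTL trustpoint.
            tps = [s.split()[-1] for s in subs if s.startswith("server trust-point ")]
            if not tps:
                findings.append(f"FAIL tls-proxy {name}: no server trust-point")
            elif not tps[0].startswith("_internal_PP_"):
                findings.append(
                    f"FAIL tls-proxy {name}: server trust-point {tps[0]} "
                    "is not an _internal_PP_ CTL trustpoint")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPT) or ["OK: no findings"]:
        print(finding)
```

Run against the sample, the audit reports only the two modulus warnings; removing the fqdn line from the trustpoint block turns that into a hard failure, which is the kind of gap that otherwise surfaces only when phones fail to register.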