Cisco Systems ASA 5580 Network Router User Manual

Open as PDF

of 712

16-22

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 16 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

Step 6

hostname(config-ca-trustpoint)# subject-name

X.500_name

Example:

hostname(config-ca-trustpoint)# subject-name

cn=FW_LDC_SIGNER_172_23_45_200

Includes the indicated subject DN in the certificate

during enrollment

Where the X.500_name is for the LDC.

Use commas to separate attribute-value pairs. Insert

quotation marks around any value that contains

commas or spaces.

For example:

cn=crl,ou=certs,o="cisco systems, inc.",c=US

The maximum length is 500 characters.

Step 7

hostname(config-ca-trustpoint)# keypair keypair

Example:

hostname(config-ca-trustpoint)# keypair

ldc_signer_key

Specifies the key pair whose public key is to be

certified.

Where the keypair is for the LDC.

Step 8

hostname(config)# crypto ca enroll ldc_server

Example:

hostname(config)# crypto ca enroll ldc_server

Starts the enrollment process with the CA.

Step 9

hostname(config)# tls-proxy proxy_name

Example:

tls-proxy mytls

Creates the TLS proxy instance.

Step 10

hostname(config-tlsp)# server trust-point

_internal_PP_ctl-instance_filename

Example:

hostname(config-tlsp)# server trust-point

_internal_PP_myctl

Configures the server trustpoint and references the

internal trustpoint named

_internal_PP_ctl-instance_filename.

Step 11

hostname(config-tlsp)# client ldc issuer ca_tp_name

Example:

client ldc issuer ldc_server

Specifies the local CA trustpoint to issue client

dynamic certificates.

Step 12

hostname(config-tlsp)# client ldc keypair key_label

Example:

hostname(config-tlsp)# client ldc keypair

phone_common

Specifies the RSA keypair to be used by client

dynamic certificates.

Step 13

hostname(config-tlsp)# client cipher-suite

cipher-suite

Example:

hostname(config-tlsp)# client cipher-suite

aes128-sha1 aes256-sha1

Specifies the cipher suite.

Options include des-sha1, 3des-sha1, aes128-sha1,

aes256-sha1, or null-sha1.

Step 14

Exports the local CA certificate and installs it as a

trusted certificate on the Cisco Unified

Communications Manager server by performing one

of the following actions.

Command Purpose

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems ASA 5580 Network Router User Manual