18-8
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection
CTL Provider
Configure TLS Proxy Pane
Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.
You can configure the TLS Proxy from the Configuration > Firewall > Unified Communications > TLS
Proxy pane.
Configuring a TLS Proxy enables inspection of SSL-encrypted VoIP signaling (namely Skinny and SIP)
exchanged with Cisco Call Manager, and enables the ASA for the following Cisco Unified Communications
features:
• TLS Proxy for the Cisco Unified Presence Server (CUPS), part of Presence Federation
• TLS Proxy for the Cisco Unified Mobility Advantage (CUMA) server, part of Mobile Advantage
• Phone Proxy
Fields
• TLS Proxy Name—Lists the TLS Proxy name.
• Server Proxy Certificate—Lists the trustpoint, which is either self-signed or enrolled with a
certificate server.
• Local Dynamic Certificate Issuer—Lists the local certificate authority to issue client or server
dynamic certificates.
• Client Proxy Certificate—Lists the proxy certificate for the TLS client. The ASA uses the client
proxy certificate to authenticate the TLS client during the handshake between the proxy and the TLS
client. The certificate can be self-signed, enrolled with a certificate authority, or issued by a
third party.
• Add—Adds a TLS Proxy by launching the Add TLS Proxy Instance Wizard. See Adding a TLS
Proxy Instance, page 18-9 for the steps to create a TLS Proxy instance.
• Edit—Edits a TLS Proxy. The fields in the Edit panel are identical to the fields displayed when you
add a TLS Proxy instance. See Edit TLS Proxy Instance – Server Configuration, page 18-13 and Edit
TLS Proxy Instance – Client Configuration, page 18-14.
• Delete—Deletes a TLS Proxy.
• Maximum Sessions—Lets you specify the maximum number of TLS Proxy sessions to support.
  – Specify the maximum number of TLS Proxy sessions that the ASA needs to support.
  – Maximum number of sessions—The minimum is 1. The maximum is dependent on the platform:
    Cisco ASA 5505 security appliance: 10
    Cisco ASA 5510 security appliance: 100
    Cisco ASA 5520 security appliance: 300
    Cisco ASA 5540 security appliance: 1000
    Cisco ASA 5550 security appliance: 2000
    Cisco ASA 5580 security appliance: 4000
Note: The maximum number of sessions is global to all TLS proxy sessions.