Filter
Top Products
19-22
Cisco ASDM User Guide
OL-16647-01
Chapter 19 Adding Global Objects
TLS Proxy Wizard
See TLS Proxy Wizard, page 19-17 to determine which TLS clients used by the Cisco Unified
Communication features are capable of client authentication.
Step 5 Click Next.
The Add TLS Proxy Instance Wizard – Client Configuration dialog box opens. In this step of the wizard,
configure the client proxy parameters for original TLS Client—the CUMC client for Mobile Advantage,
CUP or MS LCS/OCS client for Presence Federation, or the IP phone for the Phone Proxy. See Add TLS
Proxy Instance Wizard – Client Configuration, page 19-22.
After configuring the client proxy parameters, the wizard provides instructions on the steps to complete
outside the ASDM to make the TLS Proxy fully functional (see Add TLS Proxy Instance Wizard – Other
Steps, page 19-24).
Add TLS Proxy Instance Wizard – Client Configuration
Note This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
Use the Add TLS Proxy Instance Wizard to add a TLS Proxy to enable inspection of SSL encrypted VoIP
signaling, namely Skinny and SIP, interacting with Cisco Call Manager and to support the Cisco Unified
Communications features on the security appliance. For a detailed overview of the TLS Proxy used by
these features, see TLS Proxy Wizard, page 19-17.
The fields in the Edit TLS Proxy dialog box are identical to the fields displayed when you add a TLS
Proxy instance. Use the Edit TLS Proxy – Client Configuration tab to edit the client proxy parameters
for the original TLS Client, such as IP phones, CUMA clients, the Cisco Unified Presence Server
(CUPS), or the Microsoft OCS server.
This wizard is available from the Configuration > Firewall > Advanced > Encrypted Traffic Inspection
> TLS Proxy pane.
Step 1 Complete the first two steps of the Add TLS Proxy Instance Wizard. See Adding a TLS Proxy Instance,
page 19-20 and Add TLS Proxy Instance Wizard – Client Configuration, page 19-22.
The Add TLS Proxy Instance Wizard – Client Configuration dialog box opens.
Step 2 To specify a client proxy certificate to use for the TLS Proxy, perform the following. Select this option
when the client proxy certificate is being used between two servers; for example, when configuring the
TLS Proxy for Presence Federation, which uses the Cisco Unified Presence Server (CUPS), both the TLS
client and TLS server are both servers.
a. Check the Specify the proxy certificate for the TLS Client... check box.
b. Select a certificate from the drop-down list.
Or
To create a new client proxy certificate, click Manage. The Manage Identify Certificates dialog box
opens. See Identity Certificates Authentication, page 33-11.
Note When you are configuring the TLS Proxy for the Phone Proxy and it is using the mixed security mode
for the CUCM cluster, you must configure the LDC Issuer. The LDC Issuer lists the local certificate
authority to issue client or server dynamic certificates.