Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 19 Adding Global Objects
Add TLS Proxy Instance Wizard – Other Steps
Note: This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
The last dialog box of the Add TLS Proxy Instance Wizard specifies the additional steps required to
make TLS Proxy fully functional. In particular, you need to perform the following tasks to complete the
TLS Proxy configuration:
- Export the local CA certificate or LDC Issuer and install them on the original TLS server.
  To export the LDC Issuer, go to Configuration > Firewall > Advanced > Certificate Management >
  Identity Certificates > Export. See Export an Identity Certificate, page 33-15.
- For the TLS Proxy, enable Skinny and SIP inspection between the TLS server and TLS clients. See
  SIP Inspection, page 24-21 and Skinny (SCCP) Inspection, page 24-22. When you are configuring
  the TLS Proxy for Presence Federation (which uses CUP), you only enable SIP inspection because
  the feature supports only the SIP protocol.
- For the TLS Proxy for CUMA, enable MMP inspection. See MMP Inspection, page 24-17.
- When using the internal Certificate Authority of the security appliance to sign the LDC Issuer for
  TLS clients, perform the following:
  - Use the Cisco CTL Client to add the server proxy certificate to the CTL file and install the CTL
    file on the security appliance.
    For information on the Cisco CTL Client, see "Configuring the Cisco CTL Client" in Cisco
    Unified CallManager Security Guide.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/5_0_4/secuauth.html
    To install the CTL file on the security appliance, go to Configuration > Firewall > Advanced >
    Encrypted Traffic Inspection > CTL Provider > Add. The Add CTL Provider dialog box opens.
    For information on using this dialog box to install the CTL file, see Add/Edit CTL Provider,
    page 19-33.
  - Create a CTL provider instance for connections from the CTL clients. See Add/Edit CTL
    Provider, page 19-33.
Phone Proxy
Note: This feature is not supported for ASDM version 6.1.5 or the Adaptive Security Appliance version 8.1.2.
For information on how to configure the Phone Proxy, see the following sections:
- Configuring the Phone Proxy, page 19-25
- Add/Edit TFTP Server, page 19-27
Use the Phone Proxy to configure a Phone Proxy between a Call Manager and IP phones. If the Phone
Proxy is configured, the security appliance encrypts signaling connections from IP phones in the
untrusted networks and sends them in the clear to the CUCM on a trusted network.