Cisco Systems OL-16647-01 Network Router User Manual
Cisco ASDM User Guide, OL-16647-01, Chapter 19 Adding Global Objects: TLS Proxy
capf: Specifies the role of this trustpoint to be CAPF. Only one CAPF trustpoint can be configured.
Address—Specifies the IP address of the trustpoint. The IP address you specify must be the global
address of the TFTP server or CUCM if NAT is configured. The global IP address is the IP address as
seen by the IP phones because it will be the IP address used for the CTL record for the trustpoint.
Certificate—Specifies the Identity Certificate for the record entry in the CTL file. You can create a new Identity Certificate by clicking Manage. The Manage Identity Certificates dialog box opens. See Identity Certificates Authentication, page 33-11.
You can add an Identity Certificate by generating a self-signed certificate, obtaining the certificate
through SCEP enrollment, or by importing a certificate in PKCS-12 format. Choose the best option
based on the requirements for configuring the CTL file.
Domain Name—(Optional) Specifies the domain name of the trustpoint used to create the DNS field for
the trustpoint. This is appended to the Common Name field of the Subject DN to create the DNS Name.
The domain name should be configured when the FQDN is not configured for the trustpoint. Only one
domain-name can be specified.
Note: If you are using domain names for your CUCM and TFTP server, you must configure DNS lookup on the security appliance. Add an entry for each of the outside interfaces on the security appliance into your DNS server, if such entries are not already present. Each security appliance outside IP address should have a DNS entry associated with it for lookups. These DNS entries must also be enabled for Reverse Lookup. Additionally, define your DNS server IP address on the security appliance; for example:
dns name-server 10.2.3.4
(where 10.2.3.4 is the IP address of your DNS server)
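A pre-flight check for the DNS requirements in the note above, added here as an example (it is not Cisco's code): for each CTL trustpoint record it builds the DNS Name from the Common Name plus the configured domain name, then confirms that the name resolves forward to the record's global address and that the address has a reverse lookup entry pointing back to that name. The record table, host names and 203.0.113.x addresses are constructed for the example; the resolver functions are injected so it runs offline, and passing socket.gethostbyname and socket.gethostbyaddr queries real DNS instead.

```python
import socket
from typing import Callable, Dict, List, Optional

def ctl_dns_name(common_name: str, domain_name: Optional[str]) -> str:
    """DNS field of the CTL record: the Subject DN Common Name with the
    trustpoint domain name appended when one is configured."""
    return f"{common_name}.{domain_name}" if domain_name else common_name

def check_record(record: Dict[str, Optional[str]], forward: Callable, reverse: Callable) -> List[str]:
    """Return the DNS problems found for one trustpoint record (empty list if OK)."""
    problems: List[str] = []
    name = ctl_dns_name(record["cn"], record.get("domain"))
    addr = record["address"]
    try:  # forward lookup must give the global address used in the CTL record
        resolved = forward(name)
        if resolved != addr:
            problems.append(f"{name} resolves to {resolved}, CTL record says {addr}")
    except OSError:
        problems.append(f"{name}: no forward DNS entry")
    try:  # reverse lookup must exist and confirm the same name
        ptr_name = reverse(addr)[0]
        if ptr_name.rstrip(".").lower() != name.lower():
            problems.append(f"{addr} reverse-resolves to {ptr_name}, not {name}")
    except OSError:
        problems.append(f"{addr}: no reverse lookup entry")
    return problems

def check_all(records, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Map each failing record's role to its problems; clean records are omitted."""
    return {r["role"]: p for r in records if (p := check_record(r, forward, reverse))}

# Constructed sample data (hypothetical names, RFC 5737 documentation addresses).
RECORDS = [
    {"role": "cucm", "cn": "cucm1", "domain": "example.com", "address": "203.0.113.10"},
    {"role": "tftp", "cn": "tftp1.example.com", "domain": None, "address": "203.0.113.11"},
    {"role": "capf", "cn": "capf1", "domain": "example.com", "address": "203.0.113.12"},
]
FAKE_FORWARD = {"cucm1.example.com": "203.0.113.10", "tftp1.example.com": "203.0.113.11",
                "capf1.example.com": "203.0.113.12"}
FAKE_REVERSE = {"203.0.113.10": ("cucm1.example.com", [], ["203.0.113.10"]),
                "203.0.113.11": ("tftp1.example.com", [], ["203.0.113.11"])}  # CAPF has no PTR

def fake_forward(name: str) -> str:  # stand-in for socket.gethostbyname
    if name not in FAKE_FORWARD:
        raise OSError(f"unknown host {name}")
    return FAKE_FORWARD[name]

def fake_reverse(addr: str):  # stand-in for socket.gethostbyaddr
    if addr not in FAKE_REVERSE:
        raise OSError(f"no PTR for {addr}")
    return FAKE_REVERSE[addr]

if __name__ == "__main__":
    print(check_all(RECORDS, fake_forward, fake_reverse))
```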
Modes
The following table shows the modes in which this feature is available:
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple
                                     Context    System
——
TLS Proxy
Use the TLS Proxy option to enable inspection of SSL-encrypted VoIP signaling, namely Skinny and SIP, interacting with Cisco CallManager.
The TLS Proxy pane lets you define and configure Transport Layer Security Proxy to enable inspection of encrypted traffic.
Fields
TLS Proxy Name—Lists the TLS Proxy name.
Server—Lists the trustpoint, which is either self-signed or enrolled with a certificate server.
Local Dynamic Certificate Issuer—Lists the local certificate authority that issues client or server dynamic certificates.
Local Dynamic Certificate Key Pair—Lists the RSA key pair used by client or server dynamic certificates.