Cisco ASA 5505 Configuration Manual page 976
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Prerequisites for the TLS Proxy for Encrypted Voice Inspection
1. Phone Proxy, Presence Federation Proxy, and Encrypted Voice Inspection applications use TLS proxy sessions for their connections. Each TLS proxy
session is counted against the UC license limit. All of these applications are licensed under the UC Proxy umbrella, and can be mixed and matched. Some
applications might use multiple sessions for a connection. For example, if you configure a phone with a primary and backup Cisco Unified
Communications Manager, there are 2 TLS proxy connections, so 2 UC Proxy sessions are used.
Note: Mobility Advantage Proxy does not require a license, and its TLS proxy sessions do not count towards the UC license limit.
The maximum number of UC sessions you can use also depends on the TLS proxy session limit:
- For license part numbers ending in "K8" (for example, licenses under 250 users), TLS proxy sessions are limited to 1000.
- For license part numbers ending in "K9" (for example, licenses 250 users or larger), the TLS proxy limit depends on your configuration and the platform
model. To configure the TLS proxy limit, use the Configuration > Firewall > Unified Communications > TLS Proxy pane.
Note: K8 and K9 refer to whether the license is restricted for export: K8 is unrestricted, and K9 is restricted.
You might also use SRTP encryption sessions for your connections:
- For K8 licenses, SRTP sessions are limited to 250.
- For K9 licenses, there is not limit.
Note: Only calls that require encryption/decryption for media are counted towards the SRTP limit; if passthrough is set for the call, even if both legs are
SRTP, they do not count towards the limit.
2. With the 10,000-session license, the total combined sessions can be 10,000, but the maximum number of Phone Proxy sessions is 5000.
Table 44-1
Table 44-1
Security Appliance Platform
ASA 5505
ASA 5510
ASA 5520
ASA 5540
ASA 5550
ASA 5580
For more information about licensing, see
Prerequisites for the TLS Proxy for Encrypted Voice Inspection
Before configuring TLS proxy, the following prerequisites are required:
•
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
44-4
shows the default and maximum TLS session details by platform.
Default and Maximum TLS Sessions on the Security Appliance
You must set clock on the security appliance before configuring TLS proxy. To set the clock
manually and display clock, use the clock set and show clock commands. We recommend that the
security appliance use the same NTP server as the Cisco Unified CallManager cluster. TLS
handshake may fail due to certificate validation failure if clock is out of sync between the security
appliance and the Cisco Unified CallManager server.
3DES-AES license is needed to interoperate with the Cisco Unified CallManager. AES is the default
cipher used by the Cisco Unified CallManager and Cisco IP Phone.
Import the following certificates which are stored on the Cisco UCM. These certificates are required
by the adaptive security appliance for the phone proxy.
Cisco_Manufacturing_CA
–
CAP-RTP-001
–
Chapter 44
Configuring the TLS Proxy for Encrypted Voice Inspection
Default TLS Sessions
10
100
300
1000
2000
4000
Chapter 4, "Managing Feature Licenses."
Maximum TLS Sessions
80
200
1200
4500
4500
13,000
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
