Cisco ASA 5505 Configuration Manual page 1031

Asa 5500 series

Chapter 47
Configuring Cisco Intercompany Media Engine Proxy
What to Do Next
Create the TLS proxy for the Cisco Intercompany Media Engine. See the "Creating the TLS Proxy"
section on page 47-25.

Creating the TLS Proxy
Because either enterprise, namely the local or remote Cisco UCM servers, can initiate the TLS
handshake (unlike IP Telephony or Cisco Mobility Advantage, where only the clients initiate the TLS
handshake), you must configure bidirectional TLS proxy rules. Each enterprise can have an adaptive
security appliance as the TLS proxy.

Create TLS proxy instances for the local and remote entity initiated connections respectively. The entity
that initiates the TLS connection is in the role of "TLS client." Because the TLS proxy has a strict
definition of "client" and "server" proxy, two TLS proxy instances must be defined if either of the
entities could initiate the connection.

The example command lines in this task are based on a basic (in-line) deployment. See Figure 47-6 on
page 47-11 for an illustration explaining the example command lines in this task.

To create the TLS proxy, perform the following steps:

Step 1
Command: hostname(config)# tls-proxy proxy_name
Example: hostname(config)# tls-proxy local_to_remote-ent
Purpose: Creates the TLS proxy for the outbound connections.

Step 2
Command: hostname(config-tlsp)# client trust-point proxy_trustpoint
Example: hostname(config-tlsp)# client trust-point local-ent
Purpose: For outbound connections, specifies the trustpoint and associated certificate that the
adaptive security appliance uses in the TLS handshake when the adaptive security appliance assumes
the role of the TLS client. The certificate must be owned by the adaptive security appliance
(identity certificate).
Where proxy_trustpoint specifies the trustpoint defined by the crypto ca trustpoint command in
Step 2 in "Creating Trustpoints and Generating Certificates" section on page 47-22.

Step 3
Command: hostname(config-tlsp)# client cipher-suite cipher_suite
Example: hostname(config-tlsp)# client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Purpose: For outbound connections, controls the TLS handshake parameter for the cipher suite.
Where cipher_suite includes des-sha1, 3des-sha1, aes128-sha1, aes256-sha1, or null-sha1.
For client proxy (the proxy acts as a TLS client to the server), the user-defined cipher suite
replaces the default cipher suite, or the one defined by the ssl encryption command. Use this
command to achieve different ciphers between the two TLS sessions. You should use AES ciphers
with the Cisco UCM server.

Step 4
Command: hostname(config-tlsp)# exit
Purpose: Exits from the TLS proxy configuration mode.

Step 5
Command: hostname(config)# tls-proxy proxy_name
Example: hostname(config)# tls-proxy remote_to_local-ent
Purpose: Creates the TLS proxy for inbound connections.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 47-25
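
The Step 3 example above lists 3des-sha1 and null-sha1 alongside the AES suites, while the Purpose text recommends AES ciphers with the Cisco UCM server; null-sha1 authenticates records but does not encrypt them. The following Python audit is an added example, not part of the Cisco guide: it parses tls-proxy stanzas from saved configuration text and reports every client cipher-suite entry that is not AES. It assumes each submode command sits on one indented line; the sample text and the legacy-ent proxy name are constructed.

```python
import re

# Client cipher-suite keywords as listed on this page; the page advises AES.
AES = {"aes128-sha1", "aes256-sha1"}
ISSUES = {"des-sha1": "not AES", "3des-sha1": "not AES",
          "null-sha1": "integrity only, no encryption"}

def parse_tls_proxies(config_text):
    """Map each tls-proxy name to its client trust-point and cipher list."""
    proxies, current = {}, None
    for raw in filter(str.strip, config_text.splitlines()):
        if not raw[0].isspace():          # top-level command ends the submode
            m = re.fullmatch(r"tls-proxy\s+(\S+)", raw.strip())
            current = proxies.setdefault(
                m.group(1), {"trustpoint": None, "ciphers": None}) if m else None
            continue
        words = raw.split()
        if current is None or len(words) < 3:
            continue                      # another stanza, or no argument
        if words[:2] == ["client", "trust-point"]:
            current["trustpoint"] = words[2]
        elif words[:2] == ["client", "cipher-suite"]:
            current["ciphers"] = words[2:]
    return proxies

def audit_tls_proxies(config_text):
    """Return sorted (proxy, cipher, issue) findings for the client side."""
    findings = []
    for name, proxy in parse_tls_proxies(config_text).items():
        if proxy["ciphers"] is None:      # default or ssl encryption list applies
            findings.append((name, "-", "no client cipher-suite set"))
            continue
        for cipher in proxy["ciphers"]:
            if cipher not in AES:
                findings.append((name, cipher, ISSUES.get(cipher, "unlisted keyword")))
    return sorted(findings)

# Constructed sample. The first stanza copies the page's Step 1-3 examples;
# the contents of the other two stanzas are hypothetical.
SAMPLE_CONFIG = """\
tls-proxy local_to_remote-ent
 client trust-point local-ent
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
tls-proxy remote_to_local-ent
 client cipher-suite aes128-sha1 aes256-sha1
tls-proxy legacy-ent
 client trust-point local-ent
"""
```

Calling audit_tls_proxies(SAMPLE_CONFIG) returns one finding for legacy-ent (no cipher-suite line) and two for local_to_remote-ent (3des-sha1 and null-sha1); remote_to_local-ent passes.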
