Cisco ASA Series CLI Configuration Manual page 1220

Software version 9.0 for the services module

Configuring the Phone Proxy

Cisco ASA Series CLI Configuration Guide, Chapter 1: Configuring the Cisco Phone Proxy (page 1-22)

Step 1
Command: hostname(config)# crypto key generate rsa label key-pair-label modulus size
Examples:
hostname(config)# crypto key generate rsa label ldc_signer_key modulus 1024
hostname(config)# crypto key generate rsa label phone_common modulus 1024
Purpose: Creates the necessary RSA key pairs. Where the key-pair-label is the LDC signer key and the key for the IP phones.

Step 2
Command: hostname(config)# crypto ca trustpoint trustpoint_name
Example:
hostname(config)# crypto ca trustpoint ldc_server
Purpose: Creates an internal local CA to sign the LDC for Cisco IP phones. Where the trustpoint_name is for the LDC.

Step 3
Command: hostname(config-ca-trustpoint)# enrollment self
Purpose: Generates a self-signed certificate.

Step 4
Command: hostname(config-ca-trustpoint)# proxy-ldc-issuer
Purpose: Defines the local CA role for the trustpoint to issue dynamic certificates for the TLS proxy.

Step 5
Command: hostname(config-ca-trustpoint)# fqdn fqdn
Example:
hostname(config-ca-trustpoint)# fqdn my_ldc_ca.example.com
Purpose: Includes the indicated FQDN in the Subject Alternative Name extension of the certificate during enrollment. Where the fqdn is for the LDC.

Step 6
Command: hostname(config-ca-trustpoint)# subject-name X.500_name
Example:
hostname(config-ca-trustpoint)# subject-name cn=FW_LDC_SIGNER_172_23_45_200
Purpose: Includes the indicated subject DN in the certificate during enrollment. Where the X.500_name is for the LDC. Use commas to separate attribute-value pairs. Insert quotation marks around any value that contains commas or spaces. For example:
cn=crl,ou=certs,o="cisco systems, inc.",c=US
The maximum length is 500 characters.

Step 7
Command: hostname(config-ca-trustpoint)# keypair keypair
Example:
hostname(config-ca-trustpoint)# keypair ldc_signer_key
Purpose: Specifies the key pair whose public key is to be certified. Where the keypair is for the LDC.

Step 8
Command: hostname(config)# crypto ca enroll ldc_server
Example:
hostname(config)# crypto ca enroll ldc_server
Purpose: Starts the enrollment process with the CA.

Step 9
Command: hostname(config)# tls-proxy proxy_name
Example:
hostname(config)# tls-proxy mytls
Purpose: Creates the TLS proxy instance.

Step 10
Command: hostname(config-tlsp)# server trust-point _internal_PP_ctl-instance_filename
Example:
hostname(config-tlsp)# server trust-point _internal_PP_myctl
Purpose: Configures the server trustpoint and references the internal trustpoint named _internal_PP_ctl-instance_filename.

Step 11
Command: hostname(config-tlsp)# client ldc issuer ca_tp_name
Example:
hostname(config-tlsp)# client ldc issuer ldc_server
Purpose: Specifies the local CA trustpoint to issue client dynamic certificates.

Step 12
Command: hostname(config-tlsp)# client ldc keypair key_label
Example:
hostname(config-tlsp)# client ldc keypair phone_common
Purpose: Specifies the RSA keypair to be used by client dynamic certificates.
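
The steps refer to each other by name (the key labels from Step 1 in Steps 7 and 12, the trustpoint from Step 2 in Steps 8 and 11), so a mistyped label leaves the TLS proxy pointing at a key or CA that does not exist. The following is an added example, not part of the Cisco guide: a Python check that cross-references those names in a saved command script. The function names, the sample script built from the guide's example values, and the min_modulus policy threshold are assumptions.

```python
import re

# Constructed sample: the guide's example values for the steps, as one script.
SAMPLE = """\
crypto key generate rsa label ldc_signer_key modulus 1024
crypto key generate rsa label phone_common modulus 1024
crypto ca trustpoint ldc_server
 enrollment self
 proxy-ldc-issuer
 keypair ldc_signer_key
crypto ca enroll ldc_server
tls-proxy mytls
 server trust-point _internal_PP_myctl
 client ldc issuer ldc_server
 client ldc keypair phone_common
"""

def _arg(lines, prefix):
    """Value following `prefix` in a sub-mode block, or None if absent."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix + " ")), None)

def check_ldc_script(text, min_modulus=2048):
    """Cross-check names across the LDC steps; min_modulus is an assumed local policy value."""
    keys, tps, proxies, enrolled, ctx, out = {}, {}, {}, set(), None, []
    for raw in text.splitlines():
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())  # strip CLI prompt
        if m := re.match(r"crypto key generate rsa label (\S+) modulus (\d+)$", line):
            keys[m[1]], ctx = int(m[2]), None
        elif m := re.match(r"crypto ca trustpoint (\S+)$", line):
            ctx = tps.setdefault(m[1], [])      # sub-mode lines collect here
        elif m := re.match(r"crypto ca enroll (\S+)$", line):
            enrolled.add(m[1]); ctx = None
        elif m := re.match(r"tls-proxy (\S+)$", line):
            ctx = proxies.setdefault(m[1], [])
        elif ctx is not None and line:
            ctx.append(line)
    for name, body in proxies.items():
        issuer, kp = _arg(body, "client ldc issuer"), _arg(body, "client ldc keypair")
        if (tp := tps.get(issuer)) is None:
            out.append(f"{name}: LDC issuer trustpoint {issuer!r} is not defined")
        else:
            out += [f"{issuer}: missing '{c}'" for c in ("enrollment self", "proxy-ldc-issuer") if c not in tp]
            if _arg(tp, "keypair") not in keys:
                out.append(f"{issuer}: keypair {_arg(tp, 'keypair')!r} was never generated")
            if issuer not in enrolled:
                out.append(f"{issuer}: trustpoint was never enrolled")
        if kp not in keys:
            out.append(f"{name}: client LDC keypair {kp!r} was never generated")
    return out + [f"{k}: RSA modulus {n} below policy minimum {min_modulus}" for k, n in keys.items() if n < min_modulus]
```

Run it over the script before pasting the commands into the ASA; an empty list means every referenced key label and trustpoint name resolves.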
