Cisco ASA Series Cli Configuration Manual page 1260
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configuring the TLS Proxy for Encrypted Voice Inspection
•
•
•
•
•
Task flow for Configuring the TLS Proxy for Encrypted Voice Inspection
To configure the security appliance for TLS proxy, perform the following steps:
Step 1
(Optional) Set the maximum number of TLS proxy sessions to be supported by the security appliance
using the following command, for example:
hostname(config)# tls-proxy maximum-sessions 1200
Note
Step 2
Create trustpoints and generate certificates for the TLS Proxy for Encrypted Voice Inspection. See
Creating Trustpoints and Generating Certificates, page
Step 3
Create the internal CA to sign the LDC for Cisco IP Phones. See
Step 4
Create the CTL provider instance. See
Step 5
Create the TLS proxy instance. See
Step 6
Enable the TLS proxy y with SIP and Skinny inspection. See
Skinny or SIP Inspection, page
Step 7
Export the local CA certificate (ldc_server) and install it as a trusted certificate on the Cisco UCM server.
a.
b.
Save the output to a file and import the certificate on the Cisco UCM. For more information, see the
Cisco Unified CallManager document:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/5_0/iptp_adm/504/iptpch6.htm#wp1
040848
After this step, you may use the Display Certificates function on the Cisco Unified CallManager GUI to
verify the installed certificate:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/5_0/iptp_adm/504/iptpch6.htm#wp1
040354
Cisco ASA Series CLI Configuration Guide
1-8
Creating Trustpoints and Generating Certificates, page 1-9
Creating an Internal CA, page 1-10
Creating a CTL Provider Instance, page 1-11
Creating the TLS Proxy Instance, page 1-12
Enabling the TLS Proxy Instance for Skinny or SIP Inspection, page 1-13
The tls-proxy maximum-sessions command controls the memory size reserved for
cryptographic applications such as TLS proxy. Crypto memory is reserved at the time of system
boot. You may need to reboot the security appliance for the configuration to take effect if the
configured maximum sessions number is greater than the currently reserved.
Use the following command to export the certificate if a trust-point with proxy-ldc-issuer is used
as the signer of the dynamic certificates, for example:
hostname(config)# crypto ca export ldc_server identity-certificate
For the embedded local CA server LOCAL-CA-SERVER, use the following command to export its
certificate, for example:
hostname(config)# show crypto ca server certificate
Chapter 1
Configuring the TLS Proxy for Encrypted Voice Inspection
1-9.
Creating a CTL Provider Instance, page
Creating the TLS Proxy Instance, page
1-13.
Creating an Internal CA, page
1-11.
1-12.
Enabling the TLS Proxy Instance for
1-10.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
