Cisco ASA Series Cli Configuration Manual page 1277

Chapter 1 Configuring Cisco Mobility Advantage
•
Task Flow for Configuring Cisco Mobility Advantage
To configure for the ASA to perform TLS proxy and MMP inspection as shown in
Figure
It is assumed that self-signed certificates are used between the ASA and the Cisco UMA server.
Prerequisites
Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA. The certificate will be used during the handshake with the Cisco UMA clients.
Step 1
Create the static NAT for the Cisco UMA server by entering the following commands:
hostname(config)# object network name
hostname(config-network-object)# host real_ip
hostname(config-network-object)# nat (real_ifc,mapped_ifc) static mapped_ip
Step 2
Import the Cisco UMA server certificate onto the ASA by entering the following commands:
hostname(config)# crypto ca import trustpoint pkcs12 passphrase
[paste base 64 encoded pkcs12]
hostname(config)# quit
Step 3
Install the Cisco UMA server certificate on the ASA. See
page
Step 4
Create the TLS proxy instance for the Cisco UMA clients connecting to the Cisco UMA server. See
Creating the TLS Proxy Instance, page
Step 5
Enable the TLS proxy for MMP inspection. See
Installing the Cisco UMA Server Certificate
Install the Cisco UMA server self-signed certificate in the ASA truststore. This task is necessary for the
ASA to authenticate the Cisco UMA server during the handshake between the ASA proxy and Cisco
UMA server.
Prerequisites
Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA.
Enabling the TLS Proxy for MMP Inspection, page 1-9
1-2, perform the following tasks.
1-7.
Installing the Cisco UMA Server Certificate,
1-8.
Enabling the TLS Proxy for MMP Inspection, page
Cisco ASA Series CLI Configuration Guide
Configuring Cisco Mobility Advantage
Figure 1-1 and
1-9.
1-7