Cisco ASA Series Cli Configuration Manual page 1297
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring Cisco Unified Presence
Command
Step 4
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Step 5
! Remote entity to local entity
hostname(config)# tls-proxy proxy_name
Example:
tls-proxy ent_y_to_x
Step 6
hostname(config-tlsp)# server trust-point proxy_name
Example:
hostname(config-tlsp)# server trust-point ent_x_cert
Step 7
hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point
ent_y_proxy
Step 8
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
What to Do Next
Once you have created the TLS proxy instance, enable it for SIP inspection. See
for SIP Inspection, page
Enabling the TLS Proxy for SIP Inspection
Enable the TLS proxy for SIP inspection and define policies for both entities that could initiate the
connection.
Command
Step 1
hostname(config)# access-list id extended permit tcp
host src_ip host dest_ip eq port
Examples:
access-list ent_x_to_y extended permit tcp host
10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host
192.0.2.254 host 192.0.2.1 eq 5061
Step 2
hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map ent_x_to_y
Step 3
hostname(config-cmap)# match access-list
access_list_name
Example:
hostname(config-cmap)# match access-list ent_x_to_y
Configuring Cisco Unified Presence Proxy for SIP Federation
Purpose
Specifies cipher suite configuration.
For client proxy (the proxy acts as a TLS client to
the server), the user-defined cipher suite replaces the
default cipher suite.
Creates the TLS proxy instance.
Specifies the proxy trustpoint certificate presented
during TLS handshake.
Where the proxy_name for the server trust-point
command is the local entity proxy name
Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
Where the proxy_trustpoint for the client
trust-point command is the remote entity proxy.
Specifies cipher suite configuration.
1-13.
Purpose
Adds an Access Control Entry. The access list is
used to specify the class of traffic to inspect.
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
Identifies the traffic to inspect.
Enabling the TLS Proxy
Cisco ASA Series CLI Configuration Guide
1-13
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
