Creating the media termination instance, Creating the media termination – Cisco ASA 5505 User Manual

48-22

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

What To Do Next

Once you have created the TLS proxy instance and installed the certificate on the Cisco Unified
Communications Manager, create the phone proxy instance. See

Creating the Phone Proxy Instance,

page 48-23

.

Creating the Media Termination Instance

Create the media termination instance that you will use in the phone proxy.

Step 10

hostname(config-tlsp)# server trust-point

_internal_PP_

ctl-instance_filename

Example:

hostname(config-tlsp)# server trust-point

_internal_PP_myctl

Configures the server trustpoint and references the
internal trustpoint named
_internal_PP_ctl-instance_filename.

Step 11

hostname(config-tlsp)# client ldc issuer ca_tp_name

Example:

client ldc issuer ldc_server

Specifies the local CA trustpoint to issue client
dynamic certificates.

Step 12

hostname(config-tlsp)# client ldc keypair key_label

Example:

hostname(config-tlsp)# client ldc keypair

phone_common

Specifies the RSA keypair to be used by client
dynamic certificates.

Step 13

hostname(config-tlsp)# client cipher-suite

cipher-suite

Example:

hostname(config-tlsp)# client cipher-suite

aes128-sha1 aes256-sha1

Specifies the cipher suite.

Options include des-sha1, 3des-sha1, aes128-sha1,
aes256-sha1, or null-sha1.

Step 14

Exports the local CA certificate and installs it as a
trusted certificate on the Cisco Unified
Communications Manager server by performing one
of the following actions.

•

hostname(config)# crypto ca export trustpoint

identity-certificate

Example:

hostname(config)# crypto ca export ldc_server

identity-certificate

Exports the certificate if a trustpoint with
proxy-ldc-issuer is used as the signer of the dynamic
certificates.

•

hostname(config)# show crypto ca server certificates

Exports the certificate for the embedded local CA
server LOCAL-CA-SERVER.

After exporting the certificate, you must save the
output to a file and import it on the Cisco Unified
Communications Manager. You can use the Display
Certificates function in the Cisco Unified
Communications Manager software to verify the
installed certificate.

For information about performing these procedures,
see the following URLs:

http://www.cisco.com/en/US/docs/voice_ip_comm/
cucm/cucos/5_0_4/iptpch6.html#wp1040848

http://www.cisco.com/en/US/docs/voice_ip_comm/
cucm/cucos/5_0_4/iptpch6.html#wp1040354

Command

Purpose