C h a p t e r, Configuring the tls prox, Configuring the t – Cisco ASA 5505 User Manual
Page 1037: Ls proxy for encrypted voice inspection
C H A P T E R
49-1
Cisco ASA 5500 Series Configuration Guide using the CLI
49
Configuring the T
LS Proxy for Encrypted Voice
Inspection
This chapter describes how to configure the adaptive security appliance for the TLS Proxy for Encrypted
Voice Inspection feature.
This chapter includes the following sections:
•
Information about the TLS Proxy for Encrypted Voice Inspection, page 49-1
•
Licensing for the TLS Proxy, page 49-5
•
Prerequisites for the TLS Proxy for Encrypted Voice Inspection, page 49-7
•
Configuring the TLS Proxy for Encrypted Voice Inspection, page 49-7
•
Monitoring the TLS Proxy, page 49-15
•
Feature History for the TLS Proxy for Encrypted Voice Inspection, page 49-17
Information about the TLS Proxy for Encrypted Voice Inspection
End-to-end encryption often leaves network security appliances “blind” to media and signaling traffic,
which can compromise access control and threat prevention security functions. This lack of visibility can
result in a lack of interoperability between the firewall functions and the encrypted voice, leaving
businesses unable to satisfy both of their key security requirements.
The ASA is able to intercept and decrypt encrypted signaling from Cisco encrypted endpoints to the
Cisco Unified Communications Manager (Cisco UCM), and apply the required threat protection and
access control. It can also ensure confidentiality by re-encrypting the traffic onto the Cisco UCM servers.
Typically, the ASA TLS Proxy functionality is deployed in campus unified communications network.
This solution is ideal for deployments that utilize end to end encryption and firewalls to protect Unified
Communications Manager servers.
The security appliance in
serves as a proxy for both client and server, with Cisco IP Phone
and Cisco UCM interaction.