Ctl client overview – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection

Information about the TLS Proxy for Encrypted Voice Inspection

proxy, the CTL file must contain the certificate that the security appliance creates for the Cisco UCMs.
To proxy calls on behalf of the Cisco IP Phone, the security appliance presents a certificate that the Cisco
UCM can verify, which is a Local Dynamic Certificate for the phone, issued by the certificate authority
on the security appliance.

TLS proxy is supported by Cisco Unified CallManager Release 5.1 and later. You should be familiar
with the security features of the Cisco UCM. For background and a detailed description of Cisco UCM
security, see the Cisco Unified CallManager document:

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/5_0/sec_vir/ae/sec504/index.htm

TLS proxy applies to the encryption layer and must be configured with an application layer protocol
inspection. You should be familiar with the inspection features on the ASA, especially Skinny and SIP
inspection.
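
The relationships described above, as an added configuration sketch that is not part of the original page: a local trustpoint that issues Local Dynamic Certificates, a TLS proxy that uses it, and Skinny inspection bound to that proxy. All object names (ldc_signer_key, phone_common, ldc_server, ccm_proxy, my_proxy, sec_skinny), the FQDN and the subject name are assumptions; ccm_proxy is assumed to be an already enrolled trustpoint holding the certificate that the security appliance creates for the Cisco UCMs.

```cisco
! Added example; every object name below is a placeholder.
! Key pairs: one signs LDCs, one is shared by the LDCs issued for phones.
crypto key generate rsa label ldc_signer_key modulus 2048
crypto key generate rsa label phone_common modulus 2048
!
! Certificate authority on the security appliance that issues the
! Local Dynamic Certificates presented to the Cisco UCM.
crypto ca trustpoint ldc_server
 enrollment self
 proxy-ldc-issuer
 fqdn my-ldc-ca.example.com
 subject-name cn=FW_LDC_SIGNER
 keypair ldc_signer_key
crypto ca enroll ldc_server
!
! server trust-point: certificate presented to the phones in place of
!   the Cisco UCM; this is the certificate the CTL file must contain.
! client ldc issuer: CA that signs the per-phone LDC shown to the UCM.
tls-proxy my_proxy
 server trust-point ccm_proxy
 client ldc issuer ldc_server
 client ldc key-pair phone_common
!
! TLS proxy only takes effect together with application inspection.
! TCP 2443 is the secure Skinny (SCCP) port.
class-map sec_skinny
 match port tcp eq 2443
policy-map global_policy
 class sec_skinny
  inspect skinny tls-proxy my_proxy
service-policy global_policy global
```

For the Cisco UCM to verify the LDCs, the certificate of the issuing trustpoint (ldc_server here) has to be trusted on the Cisco UCM side.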

CTL Client Overview

The CTL Client application supplied by Cisco Unified CallManager Release 5.1 and later supports a TLS
proxy server (firewall) in the CTL file. Figure 49-2 through Figure 49-5 illustrate the TLS proxy features
supported in the CTL Client.

Figure 49-2 CTL Client TLS Proxy Features — Add Firewall

Figure 49-2 shows support for adding a CTL entry consisting of the security appliance as the TLS proxy.
