Creating the tls proxy instance – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection

What to Do Next

Once you have created the CTL provider instance, create the TLS proxy instance. See Creating the TLS Proxy Instance, page 49-12.

Creating the TLS Proxy Instance

Create the TLS proxy instance to handle the encrypted signaling.

Step 1

Command:
hostname(config)# ctl-provider ctl_name

Example:
hostname(config)# ctl-provider my_ctl

Purpose:
Enters the CTL provider configuration mode so that you can create the Certificate Trust List provider instance.

Step 2

Command:
hostname(config-ctl-provider)# client interface if_name ipv4_addr

Example:
hostname(config-ctl-provider)# client interface inside address 172.23.45.1

Purpose:
Specifies clients allowed to connect to the Certificate Trust List provider.

Where interface if_name specifies the interface allowed to connect and ipv4_addr specifies the IP address of the client.

More than one command may be issued to define multiple clients.

Step 3

Command:
hostname(config-ctl-provider)# client username user_name password password encrypted

Example:
hostname(config-ctl-provider)# client username CCMAdministrator password XXXXXX encrypted

Purpose:
Specifies the username and password for client authentication.

The username and password must match the username and password for Cisco UCM administration.

Step 4

Command:
hostname(config-ctl-provider)# export certificate trustpoint_name

Example:
hostname(config-ctl-provider)# export certificate

Purpose:
Specifies the certificate to be exported to the client. The certificate will be added to the Certificate Trust List file composed by the CTL client.

The trustpoint name in the export command is the proxy certificate for the Cisco UCM server.

Step 5

Command:
hostname(config-ctl-provider)# ctl install

Purpose:
Enables the CTL provider to parse the CTL file from the CTL client and install trustpoints for entries from the CTL file. Trustpoints installed by this command have names prefixed with "_internal_CTL_<ctl_name>."
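
The following Python check is an added example, not part of the Cisco guide: it reads a CTL provider configuration and reports, for each ctl-provider block, which of Steps 2 through 5 are absent and which trustpoint name prefix Step 5 will produce. It assumes the subcommands appear indented under their ctl-provider line; the sample text, the trustpoint name ccm_proxy and the provider lab_ctl are constructed for illustration.

```python
import re

# Constructed sample input: the Step 1-5 commands laid out as indented
# subcommands. "ccm_proxy" and "lab_ctl" are hypothetical names.
SAMPLE = """\
ctl-provider my_ctl
 client interface inside address 172.23.45.1
 client username CCMAdministrator password XXXXXX encrypted
 export certificate ccm_proxy
 ctl install
ctl-provider lab_ctl
 client username CCMAdministrator password XXXXXX encrypted
 export certificate
"""

# One pattern per step; each must match a whole subcommand line.
REQUIRED = [
    ("Step 2: client interface", r"client interface \S+ (address )?\d+(\.\d+){3}"),
    ("Step 3: client username", r"client username \S+ password \S+( encrypted)?"),
    ("Step 4: export certificate <trustpoint>", r"export certificate \S+"),
    ("Step 5: ctl install", r"ctl install"),
]

def parse_ctl_providers(text):
    """Group indented subcommands under each top-level 'ctl-provider <name>'."""
    providers, current = {}, None
    for raw in text.splitlines():
        header = re.fullmatch(r"ctl-provider\s+(\S+)", raw.rstrip())
        if header:
            current = providers.setdefault(header.group(1), [])
        elif raw[:1].isspace() and raw.strip() and current is not None:
            current.append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command closes the block
    return providers

def audit(text):
    """Per CTL provider: which steps are absent, and the Step 5 trustpoint prefix."""
    report = {}
    for name, cmds in parse_ctl_providers(text).items():
        missing = [label for label, pattern in REQUIRED
                   if not any(re.fullmatch(pattern, c) for c in cmds)]
        prefix = f"_internal_CTL_{name}" if "ctl install" in cmds else None
        report[name] = {"missing": missing, "trustpoint_prefix": prefix}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```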
