Cisco ASA 5505 User Manual

Page 1052

Advertising
background image

49-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection

Monitoring the TLS Proxy

Apr 17 2007 23:13:47: %ASA-7-711001: TLSP cbad5120: Data channel ready for the Client

Apr 17 2007 23:13:47: %ASA-7-725013: SSL Server inside:195.168.2.201/5061 choose cipher :

AES128-SHA

Apr 17 2007 23:13:47: %ASA-7-717025: Validating certificate chain containing 1

certificate(s).

Apr 17 2007 23:13:47: %ASA-7-717029: Identified client certificate within certificate

chain. serial number: 76022D3D9314743A, subject name: cn=EJW-SV-2.inside.com.

Apr 17 2007 23:13:47: %ASA-6-717022: Certificate was successfully validated. Certificate

is resident and trusted, serial number: 76022D3D9314743A, subject name:

cn=EJW-SV-2.inside.com.

Apr 17 2007 23:13:47: %ASA-6-717028: Certificate chain was successfully validated with

revocation status check.

Apr 17 2007 23:13:47: %ASA-6-725002: Device completed SSL handshake with server

inside:195.168.2.201/5061

Apr 17 2007 23:13:47: %ASA-7-711001: TLSP cbad5120: Data channel ready for the Server

Use the show tls-proxy commands with different options to check the active TLS proxy sessions. The
following are some sample outputs:

hostname(config-tlsp)# show tls-proxy

Maximum number of sessions: 1200

TLS-Proxy 'sip_proxy': ref_cnt 1, seq# 3

Server proxy:

Trust-point: local_ccm

Client proxy:

Local dynamic certificate issuer: LOCAL-CA-SERVER

Local dynamic certificate key-pair: phone_common

Cipher suite: aes128-sha1 aes256-sha1

Run-time proxies:

Proxy 0xcbae1538: Class-map: sip_ssl, Inspect: sip

Active sess 1, most sess 3, byte 3456043

TLS-Proxy 'proxy': ref_cnt 1, seq# 1

Server proxy:

Trust-point: local_ccm

Client proxy:

Local dynamic certificate issuer: ldc_signer

Local dynamic certificate key-pair: phone_common

Cipher-suite: <unconfigured>

Run-time proxies:

Proxy 0xcbadf720: Class-map: skinny_ssl, Inspect: skinny

Active sess 1, most sess 1, byte 42916

hostname(config-tlsp)# show tls-proxy session count

2 in use, 4 most used

hostname(config-tlsp)# show tls-proxy session

2 in use, 4 most used

outside 133.9.0.211:50437 inside 195.168.2.200:2443 P:0xcbadf720(proxy) S:0xcbc48a08 byte

42940

outside 133.9.0.218:49159 inside 195.168.2.201:5061 P:0xcbae1538(sip_proxy) S:0xcbad5120

byte 8786

hostname(config-tlsp)# show tls-proxy session detail

2 in use, 4 most used

outside 133.9.0.211:50437 inside 195.168.2.200:2443 P:0xcbadf720(proxy) S:0xcbc48a08 byte

42940

Client: State SSLOK Cipher AES128-SHA Ch 0xca55e498 TxQSize 0 LastTxLeft 0 Flags 0x1

Server: State SSLOK Cipher AES128-SHA Ch 0xca55e478 TxQSize 0 LastTxLeft 0 Flags 0x9

Local Dynamic Certificate

Status: Available

Certificate Serial Number: 29

Certificate Usage: General Purpose

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals