Creating trustpoints and generating certificates – Cisco ASA 5505 User Manual

52-21

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 52 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

What to Do Next

Install the certificate on the local entity truststore. You could also enroll the certificate with a local CA
trusted by the local entity.

Creating Trustpoints and Generating Certificates

You need to generate the keypair for the certificate used by the ASA, and configure a trustpoint to
identify the certificate sent by the ASA in the TLS handshake.

The example command lines in this task are based on a basic (in-line) deployment. See

Figure 52-6 on

page 52-11

for an illustration explaining the example command lines in this task.

Note

This task instructs you on how to create trustpoints for the local enterprise and the remote enterprise and
how to exchange certificates between these two enterprises. This task does not provide steps for creating
trustpoints and exchanging certificates between the local Cisco UCM and the local ASA. However, if
you require additional security within the local enterprise, you must perform the optional task

(Optional)

Step 5

(Optional)

hostname(config-uc-ime)# fallback monitoring timer

timer_millisec | hold-down timer timer_sec

Examples:

hostname(config-uc-ime)# fallback monitoring timer

120

hostname(config-uc-ime)# fallback hold-down timer 30

Specifies the fallback timers for Cisco Intercompany
Media Engine.

Specifying monitoring timer sets the time between
which the ASA samples the RTP packets received
from the Internet. The ASA uses the data sample to
determine if fallback to the PSTN is needed for a
call.

Where timer_millisec specifies the length of the
monitoring timer. By default, the length is 100
milliseconds for the monitoring timer and the
allowed range is 10-600 ms.

Specifying hold-down timer sets the amount of
time that ASA waits before notifying Cisco UCM
whether to fall back to PSTN.

Where timer_sec specifies the length of the
hold-down timer. By default, the length is 20
seconds for the hold-down timer and the allowed
range is 10-360 seconds.

If you do not use this command to specify fallback
timers, the ASA uses the default settings for the
fallback timers.

Step 6

(Optional)

hostname(config-uc-ime)# fallback sensitivity-file

file_name

Example:

hostname(config-uc-ime)# fallback sensitivity-file

ime-fallback-sensitvity.fbs

Specifies the file to use for mid-call PSTN fallback.

Where file_name must be the name of a file on disk
that includes the .fbs file extension.

The fallback file is used to determine whether the
QoS of the call is poor enough for the Cisco
Intercompany Media Engine to move the call to the
PSTN.

Command

Purpose