Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 52 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

What to Do Next

Once you have configured the TLS within the enterprise, if necessary, configure off path signaling for an off path deployment. See (Optional) Configuring Off Path Signaling, page 52-30.

Step 6

hostname(config)# crypto ca authenticate trustpoint

Example:
hostname(config)# crypto ca authenticate local-ent-ucm

Imports the certificate from the local Cisco UCM.

Where trustpoint is the trustpoint for the local Cisco UCM.

Paste the certificate downloaded from the local Cisco UCM. This certificate enables the ASA to validate the certificate that Cisco UCM sends in the TLS handshake.

Step 7

hostname(config)# tls-proxy proxy_name
hostname(config-tlsp)# server trust-point proxy_trustpoint
hostname(config-tlsp)# client trust-point proxy_trustpoint
hostname(config-tlsp)# client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

Example:
hostname(config)# tls-proxy local_to_remote-ent
hostname(config-tlsp)# server trust-point local-ent-ucm
hostname(config-tlsp)# client trust-point local-ent
hostname(config-tlsp)# client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

Updates the TLS proxy for outbound connections.

Where proxy_name is the name you entered in Step 1 of the task Creating the TLS Proxy.

Where proxy_trustpoint for the server trust-point command is the name you entered in Step 4 of this procedure.

Where proxy_trustpoint for the client trust-point command is the name you entered in Step 2 of the task Creating Trustpoints and Generating Certificates.

Note: In this step, you are creating different trustpoints for the client and the server.

Step 8

hostname(config-tlsp)# exit

Exits from TLS Proxy Configuration mode.

Step 9

hostname(config)# tls-proxy proxy_name
hostname(config-tlsp)# server trust-point proxy_trustpoint
hostname(config-tlsp)# client trust-point proxy_trustpoint
hostname(config-tlsp)# client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

Example:
hostname(config)# tls-proxy remote_to_local-ent
hostname(config-tlsp)# server trust-point local-ent
hostname(config-tlsp)# client trust-point local-ent-ucm
hostname(config-tlsp)# client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

Updates the TLS proxy for inbound connections.

Where proxy_name is the name you entered in Step 5 of the task Creating the TLS Proxy.

Where proxy_trustpoint for the server trust-point command is the name you entered in Step 2 of the task Creating Trustpoints and Generating Certificates.

Where proxy_trustpoint for the client trust-point command is the name you entered in Step 4 of this procedure.

Step 10

hostname(config-tlsp)# exit

Exits from TLS Proxy Configuration mode.

Step 11

hostname(config)# uc-ime uc_ime_name
hostname(config-uc-ime)# ucm address ip_address trunk-security-mode secure

Example:
hostname(config)# uc-ime local-ent-ime
hostname(config-uc-ime)# ucm address 192.168.10.30 trunk-security-mode secure

Updates the Cisco Intercompany Media Engine Proxy for trunk-security-mode.

Where uc_ime_name is the name you entered in Step 1 of the task Creating the Cisco Intercompany Media Engine Proxy.

Only perform this step if you entered nonsecure in Step 3 of the task Creating the Cisco Intercompany Media Engine Proxy.
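The following Python check is an added example, not part of the Cisco guide: it reads a configuration excerpt built from the example commands in Steps 7, 9 and 11 and reports tls-proxy blocks whose client cipher-suite list offers null-sha1 or 3des-sha1, blocks where client and server use the same trustpoint, and uc-ime blocks whose UCM trunk is not in secure mode. The indented running-config layout and the names SAMPLE_CONFIG, WEAK_SUITES and audit are assumptions of this example.

```python
# Constructed sample: this page's example commands, laid out the way a
# running configuration indents sub-commands (layout is an assumption).
SAMPLE_CONFIG = """\
tls-proxy local_to_remote-ent
 server trust-point local-ent-ucm
 client trust-point local-ent
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
tls-proxy remote_to_local-ent
 server trust-point local-ent
 client trust-point local-ent-ucm
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
uc-ime local-ent-ime
 ucm address 192.168.10.30 trunk-security-mode secure
"""

# Suites a reviewer would question: null-sha1 authenticates records but
# does not encrypt them; 3des-sha1 is a legacy 64-bit block cipher.
WEAK_SUITES = {"null-sha1": "no encryption", "3des-sha1": "legacy 3DES"}


def audit(config):
    """Return (block_name, finding) tuples for tls-proxy and uc-ime blocks."""
    findings, block, trust = [], None, {}
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # a top-level command opens a new block
            block, trust = (words[0], words[-1]), {}
            continue
        if block is None:
            continue
        kind, name = block
        if kind == "tls-proxy" and words[1:2] == ["trust-point"] and len(words) == 3:
            trust[words[0]] = words[2]  # keyed by "server" or "client"
            if trust.get("server") == trust.get("client"):
                findings.append((name, "client and server share a trustpoint"))
        elif kind == "tls-proxy" and words[:2] == ["client", "cipher-suite"]:
            findings += [(name, f"{s}: {WEAK_SUITES[s]}") for s in words[2:] if s in WEAK_SUITES]
        elif kind == "uc-ime" and words[:2] == ["ucm", "address"]:
            if words[-2:] != ["trunk-security-mode", "secure"]:
                findings.append((name, "UCM trunk is not in secure mode"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
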
