Task Flow for Configuring Cisco Mobility Advantage, Installing the Cisco UMA Server Certificate – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 50 Configuring Cisco Mobility Advantage

Configuring Cisco Mobility Advantage

Enabling the TLS Proxy for MMP Inspection, page 50-9

Task Flow for Configuring Cisco Mobility Advantage

To configure the ASA to perform TLS proxy and MMP inspection as shown in Figure 50-2 and Figure 50-3, perform the following tasks.

It is assumed that self-signed certificates are used between the ASA and the Cisco UMA server.

Prerequisites

Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA. The certificate will be used during the handshake with the Cisco UMA clients.

Step 1

Create the static NAT for the Cisco UMA server by entering the following commands:

hostname(config)# object network name

hostname(config-network-object)# host real_ip

hostname(config-network-object)# nat (real_ifc,mapped_ifc) static mapped_ip

Step 2

Import the Cisco UMA server certificate onto the ASA by entering the following commands:

hostname(config)# crypto ca import trustpoint pkcs12 passphrase

[paste base 64 encoded pkcs12]

hostname(config)# quit

Step 3

Install the Cisco UMA server certificate on the ASA. See Installing the Cisco UMA Server Certificate, page 50-7.

Step 4

Create the TLS proxy instance for the Cisco UMA clients connecting to the Cisco UMA server. See Creating the TLS Proxy Instance, page 50-8.

Step 5

Enable the TLS proxy for MMP inspection. See Enabling the TLS Proxy for MMP Inspection, page 50-9.
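The script below is an added example, not part of the Cisco guide: before Step 2, it confirms that the passphrase opens the exported PKCS-12 bundle and that the private key matches the certificate, then prints the base64 text to paste. The function names, the sample subject uma.example.test and the use of the OpenSSL CLI are assumptions; make_sample_p12 only builds a constructed stand-in for the real export.

```bash
#!/usr/bin/env bash
# Added example (not from the Cisco guide). Requires the openssl CLI.

# Build a constructed self-signed certificate and key pair as PKCS-12, standing
# in for the bundle exported from the Cisco UMA server.
make_sample_p12() {  # args: output file, passphrase
  local dir rc
  dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=uma.example.test" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    P12_PASS="$2" openssl pkcs12 -export -inkey "$dir/key.pem" \
      -in "$dir/cert.pem" -passout env:P12_PASS -out "$1"
  rc=$?
  rm -rf "$dir"   # the unencrypted key must not outlive the export
  return "$rc"
}

# Succeed only if the passphrase opens the bundle and the private key inside
# it matches the certificate inside it. The passphrase travels in the
# environment (env:P12_PASS), so it never appears in the process arguments.
check_p12() {  # args: p12 file, passphrase
  local cert_pub key_pub
  cert_pub=$(P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null |
             openssl x509 -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS \
              -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Emit the bundle as base64 text, the form pasted at the
# "[paste base 64 encoded pkcs12]" prompt in Step 2.
p12_for_paste() {  # args: p12 file
  openssl base64 -in "$1"
}

# Usage: ./p12check.sh exported.p12   (the passphrase is prompted for)
if [ -n "${1:-}" ]; then
  read -rsp "PKCS-12 passphrase: " pass; echo
  check_p12 "$1" "$pass" && p12_for_paste "$1"
fi
```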

Installing the Cisco UMA Server Certificate

Install the Cisco UMA server self-signed certificate in the ASA truststore. This task is necessary for the
ASA to authenticate the Cisco UMA server during the handshake between the ASA proxy and Cisco
UMA server.

Prerequisites

Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA.
