Enabling the tls proxy for sip inspection – Cisco ASA 5505 User Manual

Page 1081

Advertising
background image

51-13

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 51 Configuring Cisco Unified Presence

Configuring Cisco Unified Presence Proxy for SIP Federation

What to Do Next

Once you have created the TLS proxy instance, enable it for SIP inspection. See

Enabling the TLS Proxy

for SIP Inspection, page 51-13

.

Enabling the TLS Proxy for SIP Inspection

Enable the TLS proxy for SIP inspection and define policies for both entities that could initiate the
connection.

Step 7

hostname(config-tlsp)# client trust-point

proxy_trustpoint

Example:

hostname(config-tlsp)# client trust-point

ent_y_proxy

Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.

Where the proxy_trustpoint for the client
trust-point command is the remote entity proxy.

Step 8

hostname(config-tlsp)# client cipher-suite

cipher_suite

Example:

hostname(config-tlsp)# client cipher-suite

aes128-sha1 aes256-sha1 3des-sha1 null-sha1

Specifies cipher suite configuration.

Command

Purpose

Command

Purpose

Step 1

hostname(config)# access-list id extended permit tcp

host

src_ip host dest_ip eq port

Examples:

access-list ent_x_to_y extended permit tcp host

10.0.0.2 host 192.0.2.254 eq 5061

access-list ent_y_to_x extended permit tcp host

192.0.2.254 host 192.0.2.1 eq 5061

Adds an Access Control Entry. The access list is
used to specify the class of traffic to inspect.

Step 2

hostname(config)# class-map class_map_name

Example:

hostname(config)# class-map ent_x_to_y

Configures the secure SIP class of traffic to inspect.

Where class_map_name is the name of the SIP class
map.

Step 3

hostname(config-cmap)# match access-list

access_list_name

Example:

hostname(config-cmap)# match access-list ent_x_to_y

Identifies the traffic to inspect.

Step 4

hostname(config-cmap)# exit

Exits from Class Map configuration mode.

Step 5

hostname(config)# policy-map type inspect sip

policy_map_name

Example:

hostname(config)# policy-map type inspect sip

sip_inspect

Defines special actions for SIP inspection
application traffic.

Step 6

hostname(config-pmap)# parameters

! SIP inspection parameters

Specifies the parameters for SIP inspection.
Parameters affect the behavior of the inspection
engine.

The commands available in parameters
configuration mode depend on the application.

Step 7

hostname(config-pmap)# exit

Exits from Policy Map configuration mode.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals