Cisco ASA 5505 Configuration Manual page 984

Asa 5500 series

Chapter 44: Configuring the TLS Proxy for Encrypted Voice Inspection
CTL Provider

The Add TLS Proxy Instance Wizard – Other Steps dialog box opens. The Other Steps dialog box
provides instructions on the steps to complete outside the ASDM to make the TLS Proxy fully functional
(see the "Add TLS Proxy Instance Wizard – Other Steps" section on page 44-12).

Add TLS Proxy Instance Wizard – Other Steps

Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.

The last dialog box of the Add TLS Proxy Instance Wizard specifies the additional steps required to
make TLS Proxy fully functional. In particular, you need to perform the following tasks to complete the
TLS Proxy configuration:

- Export the local CA certificate or LDC Issuer and install them on the original TLS server.
  To export the LDC Issuer, go to Configuration > Firewall > Advanced > Certificate Management >
  Identity Certificates > Export. See the "Exporting an Identity Certificate" section on page 35-17.
- For the TLS Proxy, enable Skinny and SIP inspection between the TLS server and TLS clients. See
  the "SIP Inspection" section on page 38-23 and the "Skinny (SCCP) Inspection" section on
  page 38-36. When you are configuring the TLS Proxy for Presence Federation (which uses CUP),
  you only enable SIP inspection because the feature supports only the SIP protocol.
- For the TLS Proxy for CUMA, enable MMP inspection.
- When using the internal Certificate Authority of the adaptive security appliance to sign the LDC
  Issuer for TLS clients, perform the following:
  - Use the Cisco CTL Client to add the server proxy certificate to the CTL file and install the CTL
    file on the adaptive security appliance.
    For information on the Cisco CTL Client, see "Configuring the Cisco CTL Client" in Cisco
    Unified CallManager Security Guide.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/5_0_4/secuauth.html
    To install the CTL file on the adaptive security appliance, go to Configuration > Firewall >
    Unified Communications > CTL Provider > Add. The Add CTL Provider dialog box opens. For
    information on using this dialog box to install the CTL file, see the "Add/Edit CTL Provider"
    section on page 44-6.
  - Create a CTL provider instance for connections from the CTL clients. See the "Add/Edit CTL
    Provider" section on page 44-6.

Edit TLS Proxy Instance – Server Configuration

Note: This feature is not supported for the Adaptive Security Appliance version 8.1.2.

The TLS Proxy enables inspection of SSL-encrypted VoIP signaling, namely Skinny and SIP, interacting
with Cisco Call Manager, and supports the Cisco Unified Communications features on the adaptive
security appliance.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 44-12

This manual is also suitable for:

Asa 5510, Asa 5540, Asa 5520, Asa 5550, Asa 5580