EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1217 background imageLoading...
Page #1217 background image
1-19
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
What to Do Next
Once you have created the trustpoints and generated the certificates, create the CTL file for the phone
proxy. See Creating the CTL File, page 1-19.
If you are configuring the phone proxy in a mixed-mode cluster, you can use an existing CTL file. See
Using an Existing CTL File, page 1-20.
Creating the CTL File
Create the CTL file that will be presented to the IP phones during the TFTP requests.
Prerequisites
If you are using domain names for your Cisco UCM and TFTP server, you must configure DNS lookup
on the ASA. Add an entry for each of the outside interfaces on the ASA into your DNS server, if such
entries are not already present. Each ASA outside IP address should have a DNS entry associated with
it for lookups. These DNS entries must also be enabled for Reverse Lookup.
Enable DNS lookups on your ASA with the dns domain-lookup interface_name command (where the
interface_name specifies the interface that has a route to your DNS server). Additionally, define your
DNS server IP address on the ASA; for example:
dns name-server 10.2.3.4 (IP address of your DNS
server).
Note You can enter the dns domain-lookup command multiple times to enable DNS lookup on
multiple interfaces. If you enter multiple commands, the ASA tries each interface in the order it
appears in the configuration until it receives a response.
See the command reference for information about the dns domain-lookup command.
Step 5
hostname(config-ca-trustpoint)# exit
Exits from the Configure Trustpoint mode.
Step 6
hostname(config)# crypto ca enroll trustpoint
Example:
crypto ca enroll cucm_tftp_server
Requests the certificate from the CA server and
causes the ASA to generate the certificate.
When prompted to include the device serial number
in the subject name, type Y to include the serial
number or type N to exclude it.
When prompted to generate the self-signed
certificate, type Y.
Command Purpose
Command Purpose
Step 1
hostname(config)# ctl-file ctl_name
Example:
ctl-file myctl
Creates the CTL file instance.
Step 2
hostname(config-ctl-file)# record-entry tftp
trustpoint trustpoint_name address TFTP_IP_address
Example:
record-entry cucm-tftp trustpoint cucm_tftp_server
address 10.10.0.26
Creates the record entry for the TFTP server.
Note Use the global or mapped IP address of the
TFTP server or Cisco UCM if NAT is
configured.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals