1-13
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
What to Do Next
Once you have created the TLS proxy instance, enable it for SIP inspection. See Enabling the TLS Proxy
for SIP Inspection, page 1-13.
Enabling the TLS Proxy for SIP Inspection
Enable the TLS proxy for SIP inspection and define policies for both entities that could initiate the
connection.
Step 4
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Specifies cipher suite configuration.
For client proxy (the proxy acts as a TLS client to
the server), the user-defined cipher suite replaces the
default cipher suite.
Step 5
! Remote entity to local entity
hostname(config)# tls-proxy proxy_name
Example:
tls-proxy ent_y_to_x
Creates the TLS proxy instance.
Step 6
hostname(config-tlsp)# server trust-point proxy_name
Example:
hostname(config-tlsp)# server trust-point ent_x_cert
Specifies the proxy trustpoint certificate presented
during TLS handshake.
Where the proxy_name for the server trust-point
command is the local entity proxy name
Step 7
hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point
ent_y_proxy
Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
Where the proxy_trustpoint for the client
trust-point command is the remote entity proxy.
Step 8
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Specifies cipher suite configuration.
Command Purpose
Command Purpose
Step 1
hostname(config)# access-list id extended permit tcp
host src_ip host dest_ip eq port
Examples:
access-list ent_x_to_y extended permit tcp host
10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host
192.0.2.254 host 192.0.2.1 eq 5061
Adds an Access Control Entry. The access list is
used to specify the class of traffic to inspect.
Step 2
hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map ent_x_to_y
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
Step 3
hostname(config-cmap)# match access-list
access_list_name
Example:
hostname(config-cmap)# match access-list ent_x_to_y
Identifies the traffic to inspect.
To Next Page
Loading...
Need help?
General
