Cisco Systems ASA 5585-X Manual De Usuario

Once you have created the CTL provider instance, create the TLS proxy instance. See 

Create the TLS proxy instance to handle the encrypted signaling.

ciscoasa(config)# ctl-provider ctl_name 

ciscoasa(config)# ctl-provider my_ctl

Enters the CTL provider configuration mode so that 
you can create the Certificate Trust List provider 
instance.

ciscoasa(config-ctl-provider)# client interface 

if_name ipv4_addr

ciscoasa(config-ctl-provider)# client interface 

Specifies clients allowed to connect to the 
Certificate Trust List provider. 

Where interface if_name specifies the interface 
allowed to connect and ipv4_addr specifies the IP 
address of the client. 

More than one command may be issued to define 
multiple clients. 

ciscoasa(config-ctl-provider)# client username 

user_name password password encrypted

ciscoasa(config-ctl-provider)# client username 

Specifies the username and password for client 
authentication. 

The username and password must match the 
username and password for Cisco UCM 
administration. 

ciscoasa(config-ctl-provider)# export certificate 

ciscoasa(config-ctl-provider)# export certificate 

Specifies the certificate to be exported to the client. 
The certificate will be added to the Certificate Trust 
List file composed by the CTL client. 

The trustpoint name in the export command is the 
proxy certificate for the Cisco UCM server.

ciscoasa(config-ctl-provider)# ctl install

Enables the CTL provider to parse the CTL file from 
the CTL client and install trustpoints for entries 
from the CTL file. Ttrustpoints installed by this 
command have names prefixed with 
"_internal_CTL_<ctl_name>."