Cisco Systems ASA 5585-X Manual De Usuario
19-12
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 19 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
What to Do Next
Once you have created the trustpoints and installed the certificates for the local and remote entities on
the ASA, create the TLS proxy instance. See
the ASA, create the TLS proxy instance. See
.
Creating the TLS Proxy Instance
Because either server can initiate the TLS handshake (unlike IP Telephony or Cisco Unified Mobility,
where only the clients initiate the TLS handshake), you must configure by-directional TLS proxy rules.
Each enterprise can have an ASA as the TLS proxy.
where only the clients initiate the TLS handshake), you must configure by-directional TLS proxy rules.
Each enterprise can have an ASA as the TLS proxy.
Create TLS proxy instances for the local and remote entity initiated connections respectively. The entity
that initiates the TLS connection is in the role of “TLS client”. Because the TLS proxy has a strict
definition of “client” and “server” proxy, two TLS proxy instances must be defined if either of the
entities could initiate the connection.
that initiates the TLS connection is in the role of “TLS client”. Because the TLS proxy has a strict
definition of “client” and “server” proxy, two TLS proxy instances must be defined if either of the
entities could initiate the connection.
Command
Purpose
Step 1
! Local entity to remote entity
hostname(config)# tls-proxy proxy_name
Example:
hostname(config)# tls-proxy ent_x_to_y
Creates the TLS proxy instance.
Step 2
hostname(config-tlsp)# server trust-point proxy_name
Example:
hostname(config-tlsp)# server trust-point
ent_y_proxy
Specifies the proxy trustpoint certificate presented
during TLS handshake.
during TLS handshake.
The certificate must be owned by the ASA (identity
certificate).
certificate).
Where the proxy_name for the server trust-point
command is the remote entity proxy name.
command is the remote entity proxy name.
Step 3
hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point ent_x_cert
Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
The certificate must be owned by the ASA (identity
certificate).
certificate).
Where the proxy_trustpoint for the client
trust-point command is the local entity proxy.
trust-point command is the local entity proxy.
Step 4
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Specifies cipher suite configuration.
For client proxy (the proxy acts as a TLS client to
the server), the user-defined cipher suite replaces the
default cipher suite.
the server), the user-defined cipher suite replaces the
default cipher suite.
Step 5
! Remote entity to local entity
hostname(config)# tls-proxy proxy_name
Example:
tls-proxy ent_y_to_x
Creates the TLS proxy instance.
Step 6
hostname(config-tlsp)# server trust-point proxy_name
Example:
hostname(config-tlsp)# server trust-point ent_x_cert
Specifies the proxy trustpoint certificate presented
during TLS handshake.
during TLS handshake.
Where the proxy_name for the server trust-point
command is the local entity proxy name
command is the local entity proxy name