Cisco Systems and the ASA Services Module Manual De Usuario
19-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 19 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
What to Do Next
Once you have created the TLS proxy instance, enable it for SIP inspection. See
.
Enabling the TLS Proxy for SIP Inspection
Enable the TLS proxy for SIP inspection and define policies for both entities that could initiate the
connection.
connection.
Step 7
hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point
ent_y_proxy
Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
Where the proxy_trustpoint for the client
trust-point command is the remote entity proxy.
trust-point command is the remote entity proxy.
Step 8
hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Specifies cipher suite configuration.
Command
Purpose
Command
Purpose
Step 1
hostname(config)# access-list id extended permit tcp
host
src_ip host dest_ip eq port
Examples:
access-list ent_x_to_y extended permit tcp host
10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host
192.0.2.254 host 192.0.2.1 eq 5061
Adds an Access Control Entry. The ACL is used to
specify the class of traffic to inspect.
specify the class of traffic to inspect.
Step 2
hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map ent_x_to_y
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
map.
Step 3
hostname(config-cmap)# match access-list
access_list_name
Example:
hostname(config-cmap)# match access-list ent_x_to_y
Identifies the traffic to inspect.
Step 4
hostname(config-cmap)# exit
Exits from Class Map configuration mode.
Step 5
hostname(config)# policy-map type inspect sip
policy_map_name
Example:
hostname(config)# policy-map type inspect sip
sip_inspect
Defines special actions for SIP inspection
application traffic.
application traffic.
Step 6
hostname(config-pmap)# parameters
! SIP inspection parameters
Specifies the parameters for SIP inspection.
Parameters affect the behavior of the inspection
engine.
Parameters affect the behavior of the inspection
engine.
The commands available in parameters
configuration mode depend on the application.
configuration mode depend on the application.
Step 7
hostname(config-pmap)# exit
Exits from Policy Map configuration mode.