48-22
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter48 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
What To Do Next
Once you have created the TLS proxy instance and installed the certificate on the Cisco Unified
Communications Manager, create the phone proxy instance. See Creating the Phone Proxy Instance,
page 48-23.
Creating the Media Termination Instance
Create the media termination instance that you will use in the phone proxy.
Step10 hostname(config-tlsp)# server trust-point
_internal_PP_ctl-instance_filename
Example:
hostname(config-tlsp)# server trust-point
_internal_PP_myctl
Configures the server trustpoint and references the
internal trustpoint named
_internal_PP_ctl-instance_filename.
Step11 hostname(config-tlsp)# client ldc issuer ca_tp_name
Example:
client ldc issuer ldc_server
Specifies the local CA trustpoint to issue client
dynamic certificates.
Step12 hostname(config-tlsp)# client ldc keypair key_label
Example:
hostname(config-tlsp)# client ldc keypair
phone_common
Specifies the RSA keypair to be used by client
dynamic certificates.
Step13 hostname(config-tlsp)# client cipher-suite
cipher-suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1
Specifies the cipher suite.
Options include des-sha1, 3des-sha1, aes128-sha1,
aes256-sha1, or null-sha1.
Step14 Exports the local CA certificate and installs it as a
trusted certificate on the Cisco Unified
Communications Manager server by performing one
of the following actions.
hostname(config)# crypto ca export trustpoint
identity-certificate
Example:
hostname(config)# crypto ca export ldc_server
identity-certificate
Exports the certificate if a trustpoint with
proxy-ldc-issuer is used as the signer of the dynamic
certificates.
hostname(config)# show crypto ca server certificates Exports the certificate for the embedded local CA
server LOCAL-CA-SERVER.
After exporting the certificate, you must save the
output to a file and import it on the Cisco Unified
Communications Manager. You can use the Display
Certificates function in the Cisco Unified
Communications Manager software to verify the
installed certificate.
For information about performing these procedures,
see the following URLs:
http://www.cisco.com/en/US/docs/voice_ip_comm/
cucm/cucos/5_0_4/iptpch6.html#wp1040848
http://www.cisco.com/en/US/docs/voice_ip_comm/
cucm/cucos/5_0_4/iptpch6.html#wp1040354
Command Purpose