CHAPT ER
49-1
Cisco ASA 5500 Series Configuration Guide using the CLI
49
Configuring the TLS Proxy for Encrypted Voice

Inspection

This chapter describes how to configure the adaptive security appliance for the TLS Proxy for Encrypted
Voice Inspection feature.
This chapter includes the following sections:
Information about the TLS Proxy for Encrypted Voice Inspection, page49-1
Licensing for the TLS Proxy, page49-5
Prerequisites for the TLS Proxy for Encrypted Voice Inspection, page49-7
Configuring the TLS Proxy for Encrypted Voice Inspection, page49-7
Monitoring the TLS Proxy, page49-15
Feature History for the TLS Proxy for Encrypted Voice Inspection, page49-17

Information about the TLS Proxy for Encrypted Voice Inspection

End-to-end encryption often leaves network security appliances “blind” to media and signaling traffic,
which can compromise access control and threat prevention security functions. This lack of visibility can
result in a lack of interoperability between the firewall functions and the encrypted voice, leaving
businesses unable to satisfy both of their key security requirements.
The ASA is able to intercept and decrypt encrypted signaling from Cisco encrypted endpoints to the
Cisco Unified Communications Manager (Cisco UCM), and apply the required threat protection and
access control. It can also ensure confidentiality by re-encrypting the traffic onto the Cisco UCM servers.
Typically, the ASA TLS Proxy functionality is deployed in campus unified communications network.
This solution is ideal for deployments that utilize end to end encryption and firewalls to protect Unified
Communications Manager servers.
The security appliance in Figure 49-1 serves as a proxy for both client and server, with Cisco IP Phone
and Cisco UCM interaction.