50-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 50 Configuring Cisco Mobility Advantage
Configuring Cisco Mobility Advantage
Enabling the TLS Proxy for MMP Inspection, page 50-9
Task Flow for Configuring Cisco Mobility Advantage
To configure the ASA to perform TLS proxy and MMP inspection as shown in Figure 50-2 and
Figure 50-3, perform the following tasks.
It is assumed that self-signed certificates are used between the ASA and the Cisco UMA server.
Prerequisites
Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA. The certificate will be used during the handshake with the Cisco UMA clients.
Step 1 Create the static NAT for the Cisco UMA server by entering the following commands:
hostname(config)# object network name
hostname(config-network-object)# host real_ip
hostname(config-network-object)# nat (real_ifc,mapped_ifc) static mapped_ip
Step 2 Import the Cisco UMA server certificate onto the ASA by entering the following commands:
hostname(config)# crypto ca import trustpoint pkcs12 passphrase
[paste base 64 encoded pkcs12]
hostname(config)# quit
Step 3 Install the Cisco UMA server certificate on the ASA. See Installing the Cisco UMA Server Certificate,
page 50-7.
Step 4 Create the TLS proxy instance for the Cisco UMA clients connecting to the Cisco UMA server. See
Creating the TLS Proxy Instance, page 50-8.
Step 5 Enable the TLS proxy for MMP inspection. See Enabling the TLS Proxy for MMP Inspection,
page 50-9.
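The following is an added example, not part of the Cisco guide: a workstation-side check, assuming OpenSSL is installed, that a PKCS-12 export opens with its passphrase and holds a matching key and certificate, and that then produces the base64 text pasted in Step 2. The file names, the passphrase and the throwaway certificate for uma.example.test are constructed stand-ins for the real Cisco UMA server export.

```shell
#!/bin/sh
# Constructed stand-in for the PKCS-12 file exported from the Cisco UMA server:
# a throwaway self-signed certificate and key bundled under a passphrase.
make_sample_p12() {   # $1 = work directory, $2 = passphrase
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=uma.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout "pass:$2" -out "$1/uma.p12"
}

# Succeeds only if the bundle opens with the passphrase and contains a private
# key whose public half equals the public key in the bundled certificate.
# "pass:" keeps the example short; it exposes the passphrase in the process
# list, so use "env:VAR" or "file:path" with a real passphrase.
p12_key_matches_cert() {   # $1 = PKCS-12 file, $2 = passphrase
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Base64 text of the bundle, the form pasted after the import command in Step 2.
p12_to_base64() {   # $1 = PKCS-12 file
    openssl base64 -in "$1"
}

work=$(mktemp -d)
pass='Constructed-Pass1'          # constructed sample passphrase
make_sample_p12 "$work" "$pass"
if p12_key_matches_cert "$work/uma.p12" "$pass"; then
    p12_to_base64 "$work/uma.p12" > "$work/uma.p12.b64"
    echo "Bundle verified; base64 text written to $work/uma.p12.b64"
else
    echo "Bundle failed verification; do not import it" >&2
fi
rm -f "$work/key.pem"             # the unencrypted key is not needed afterwards
```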
Installing the Cisco UMA Server Certificate
Install the Cisco UMA server self-signed certificate in the ASA truststore. This task is necessary for the
ASA to authenticate the Cisco UMA server during the handshake between the ASA proxy and Cisco
UMA server.
Prerequisites
Export the Cisco UMA server certificate and keypair in PKCS-12 format so that you can import it onto
the ASA.