51-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter51 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
What to Do Next
Once you have created the TLS proxy instance, enable it for SIP inspection. See Enabling the TLS Proxy
for SIP Inspection, page 51-13.
Enabling the TLS Proxy for SIP Inspection
Enable the TLS proxy for SIP inspection and define policies for both entities that could initiate the
connection.
Step7 hostname(config-tlsp)# client trust-point
proxy_trustpoint
Example:
hostname(config-tlsp)# client trust-point
ent_y_proxy
Specifies the trustpoint and associated certificate
that the ASA uses in the TLS handshake when the
ASA assumes the role of the TLS client.
Where the proxy_trustpoint for the client
trust-point command is the remote entity proxy.
Step8 hostname(config-tlsp)# client cipher-suite
cipher_suite
Example:
hostname(config-tlsp)# client cipher-suite
aes128-sha1 aes256-sha1 3des-sha1 null-sha1
Specifies cipher suite configuration.
Command Purpose
Command Purpose
Step1 hostname(config)# access-list id extended permit tcp
host src_ip host dest_ip eq port
Examples:
access-list ent_x_to_y extended permit tcp host
10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host
192.0.2.254 host 192.0.2.1 eq 5061
Adds an Access Control Entry. The access list is
used to specify the class of traffic to inspect.
Step2 hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map ent_x_to_y
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
Step3 hostname(config-cmap)# match access-list
access_list_name
Example:
hostname(config-cmap)# match access-list ent_x_to_y
Identifies the traffic to inspect.
Step4 hostname(config-cmap)# exit Exits from Class Map configuration mode.
Step5 hostname(config)# policy-map type inspect sip
policy_map_name
Example:
hostname(config)# policy-map type inspect sip
sip_inspect
Defines special actions for SIP inspection
application traffic.
Step6 hostname(config-pmap)# parameters
! SIP inspection parameters
Specifies the parameters for SIP inspection.
Parameters affect the behavior of the inspection
engine.
The commands available in parameters
configuration mode depend on the application.
Step7 hostname(config-pmap)# exit Exits from Policy Map configuration mode.