Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Edit TLS Proxy Instance Client Configuration

18-14

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection

CTL Provider

The Manage CA Certificates dialog box opens. See the “Guidelines and Limitations” section on

page 40-10 in the general operations configuration guide. Click Add to open the Install Certificate

dialog box. See the “Configuring CA Certificate Authentication” section on page 40-12 in the general

operations configuration guide.

When you are configuring the TLS Proxy for the Phone Proxy, click Install TLS Server’s Certificate

and install the Cisco Unified Call Manager (CUCM) certificate so that the proxy can authenticate the IP

phones on behalf of the CUCM server.

Step 6 To require the ASA to present a certificate and authenticate the TLS client during TLS handshake, check

the Enable client authentication during TLS Proxy handshake check box.

When adding a TLS Proxy Instance for Mobile Advantage (the CUMC client and CUMA server), disable

the check box when the client is incapable of sending a client certificate.

Step 7 Click Apply to save the changes.

Edit TLS Proxy Instance – Client Configuration

Note This feature is not supported for the Adaptive Security Appliance version 8.1.2.

The TLS Proxy enables inspection of SSL encrypted VoIP signaling, namely Skinny and SIP, interacting

with Cisco Call Manager and to support the Cisco Unified Communications features on the ASA.

The fields in the Edit TLS Proxy dialog box are identical to the fields displayed when you add a TLS

Proxy instance. Use the Edit TLS Proxy – Client Configuration tab to edit the client proxy parameters

for the original TLS Client, such as IP phones, CUMA clients, the Cisco Unified Presence Server

(CUPS), or the Microsoft OCS server.

Step 1 Open the Configuration > Firewall > Unified Communications > TLS Proxy pane.

Step 2 To edit a TLS Proxy Instance, click Edit.

The Edit TLS Proxy Instance dialog box opens.

Step 3 If necessary, click the Client Configuration tab.

Step 4 To specify a client proxy certificate to use for the TLS Proxy, perform the following. Select this option

when the client proxy certificate is being used between two servers; for example, when configuring the

TLS Proxy for Presence Federation, which uses the Cisco Unified Presence Server (CUPS), both the TLS

client and TLS server are both servers.

a. Check the Specify the proxy certificate for the TLS Client... check box.

b. Select a certificate from the drop-down list.

To create a new client proxy certificate, click Manage. The Manage Identify Certificates dialog box

opens. See the “Configuring Identity Certificates Authentication” section on page 40-24 in the

general operations configuration guide.

Cisco Systems Edit TLS Proxy Instance Client Configuration