Cisco Systems ASA 5545-X, ASA 5555-X, ASA 5580, ASA 5585-X, ASA Services Module, ASA 5505 Creating Trustpoints and Generating Certificates

21-21

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter21 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

What to Do Next

Install the certificate on the local entity truststore. You could also enroll the certificate with a local CA

trusted by the local entity.

Creating Trustpoints and Generating Certificates

You need to generate the keypair for the certificate used by the ASA, and configure a trustpoint to

identify the certificate sent by the ASA in the TLS handshake.

The example command lines in this task are based on a basic (in-line) deployment. See Figure21-6 on

page 21-11 for an illustration explaining the example command lines in this task.

Note This task instructs you on how to create trustpoints for the local enterprise and the remote enterprise and

how to exchange certificates between these two enterprises. This task does not provide steps for creating

trustpoints and exchanging certificates between the local Cisco UCM and the local ASA. However, if

you require additional security within the local enterprise, you must perform the optional task (Optional)

Configuring TLS within the Local Enterprise, page21-27. Performing that task allows for secure TLS

Step5 (Optional)

hostname(config-uc-ime)# fallback monitoring timer

timer_millisec | hold-down timer timer_sec

Examples:

hostname(config-uc-ime)# fallback monitoring timer

120

hostname(config-uc-ime)# fallback hold-down timer 30

Specifies the fallback timers for Cisco Intercompany

Media Engine.

Specifying monitoring timer sets the time between

which the ASA samples the RTP packets received

from the Internet. The ASA uses the data sample to

determine if fallback to the PSTN is needed for a

call.

Where timer_millisec specifies the length of the

monitoring timer. By default, the length is 100

milliseconds for the monitoring timer and the

allowed range is 10-600 ms.

Specifying hold-down timer sets the amount of

time that ASA waits before notifying Cisco UCM

whether to fall back to PSTN.

Where timer_sec specifies the length of the

hold-down timer. By default, the length is 20

seconds for the hold-down timer and the allowed

range is 10-360 seconds.

If you do not use this command to specify fallback

timers, the ASA uses the default settings for the

fallback timers.

Step6 (Optional)

hostname(config-uc-ime)# fallback sensitivity-file

file_name

Example:

hostname(config-uc-ime)# fallback sensitivity-file

ime-fallback-sensitvity.fbs

Specifies the file to use for mid-call PSTN fallback.

Where file_name must be the name of a file on disk

that includes the .fbs file extension.

The fallback file is used to determine whether the

QoS of the call is poor enough for the Cisco

Intercompany Media Engine to move the call to the

PSTN.

Command Purpose

Cisco Systems Creating Trustpoints and Generating Certificates

Models: ASA 5545-X ASA 5555-X ASA 5580 ASA 5585-X ASA Services Module ASA 5505