Chapter 21 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

 

Commands

Purpose

 

 

 

Step 1

hostname(config)# crypto key generate rsa label

Creates an RSA key and trustpoint for the

 

key-pair-label

self-signed certificate.

 

hostname(config)# crypto ca trustpoint

Where key-pair-labelis the RSA key for the local

 

trustpoint_name

 

hostname(config-ca-trustpoint)# enroll self

ASA.

 

hostname(config-ca-trustpoint)# keypair keyname

Where trustpoint_name is the trustpoint for the

 

hostname(config-ca-trustpoint)# subject-name

 

x.500_name

local ASA.

 

Example:

Where keyname is key pair for the local ASA.

 

hostname(config)# crypto key generate rsa label

 

local-ent-key

Where x.500_name includes the X.500 distinguished

 

hostname(config)# crypto ca trustpoint local-asa

 

name of the local ASA; for example,

 

hostname(config-ca-trustpoint)# enroll self

 

cn=Ent-local-domain-name**.

 

hostname(config-ca-trustpoint)# keypair

 

key-local-asa

Note The domain name that you enter here must

 

hostname(config-ca-trustpoint)# subject-name

 

match the domain name that has been set for

 

cn=Ent-local-domain-name**.,o="Example Corp"

 

 

the local Cisco UCM. For information about

 

 

how to configure the domain name for Cisco

 

 

UCM, see the Cisco Unified

 

 

Communications Manager documentation

 

 

for information.

 

 

 

Step 2

hostname(config-ca-trustpoint)# exit

Exits from Trustpoint Configuration mode.

 

 

 

Step 3

hostname(config)# crypto ca export trustpoint

Exports the certificate you created in Step 1. The

 

identity-certificate

certificate contents appear on the terminal screen.

 

Example:

Copy the certificate from the terminal screen. This

 

hostname(config)# crypto ca export local-asa

 

identity-certificate

certificate enables Cisco UCM to validate the

 

 

certificate that the ASA sends in the TLS handshake.

 

 

On the local Cisco UCM, upload the certificate into

 

 

the Cisco UCM trust store. See the Cisco Unified

 

 

Communications Manager documentation for

 

 

information.

 

 

Note The subject name you enter while uploading

 

 

the certificate to the local Cisco UCM is

 

 

compared with the X.509 Subject Name

 

 

field entered on the SIP Trunk Security

 

 

Profile on Cisco UCM. For example,

 

 

“Ent-local-domain-name” was entered in

 

 

Step 1 of this task; therefore,

 

 

“Ent-local-domain-name” should be entered

 

 

in the Cisco UCM configuration.

 

 

 

Step 4

hostname(config)# crypto ca trustpoint

Creates a trustpoint for local Cisco UCM.

 

trustpoint_name

Where trustpoint_name is the trustpoint for the

 

hostname(config-ca-trustpoint)# enroll terminal

 

Example:

local Cisco UCM.

 

hostname(config)# crypto ca trustpoint local-ent-ucm

 

 

hostname(config-ca-trustpoint)# enroll terminal

 

 

 

 

Step 5

hostname(config-ca-trustpoint)# exit

Exits from Trustpoint Configuration mode.

 

 

 

Cisco ASA Series Firewall ASDM Configuration Guide

21-28

Page 515 Page 517
Page 516
Image 516
Cisco Systems ASA 5505, ASA 5545-X, ASA 5555-X, ASA 5585-X, ASA 5580, ASA Services Module manual Commands Purpose, 21-28
Page 515 Page 517

ASA Services Module, ASA 5555-X, ASA 5545-X, ASA 5585-X, ASA 5580 specifications

Cisco Systems has long been a leader in the field of network security, and its Adaptive Security Appliance (ASA) series is a testament to this expertise. Within the ASA lineup, models such as the ASA 5505, ASA 5580, ASA 5585-X, ASA 5545-X, and ASA 5555-X stand out for their unique features, capabilities, and technological advancements.

The Cisco ASA 5505 is designed for small businesses or branch offices. It provides essential security features such as firewall protection, flexible VPN capabilities, and intrusion prevention. The ASA 5505 supports a user-friendly interface, allowing for straightforward management. Its built-in threat detection and prevention tools provide a layered defense, and with scalability in mind, it can accommodate various expansion options as organizational needs grow.

Moving up the line, the ASA 5580 delivers greater throughput and advanced security features. This model is suited for medium to large enterprises that require robust protection against increasingly sophisticated threats. Its multi-core architecture allows it to manage high volumes of traffic seamlessly while maintaining excellent performance levels. The ASA 5580 also supports application-layer security and customizable access policies, making it highly adaptable to diverse security environments.

The ASA 5585-X further enhances Cisco's security offerings with advanced malware protection and extensive security intelligence capabilities. It incorporates next-generation firewall features, including context-aware security, and supports advanced threat detection technologies. This model is ideal for large enterprises or data centers that prioritize security while ensuring uninterrupted network performance and availability.

For enterprises requiring a balance of performance and security, the ASA 5545-X presents a compelling option. This model features scalable performance metrics, high availability, and integrated advanced threat protection. Coupled with advanced endpoint protection and detailed monitoring capabilities, the ASA 5545-X enables organizations to manage their security posture effectively.

Lastly, the ASA 5555-X blends cutting-edge technologies with strong security infrastructures. It boasts high throughput and the ability to execute deep packet inspections. Its sophisticated architecture supports threat intelligence feeds that provide real-time security updates, making it a powerful tool against modern threats.

Each of these Cisco ASA models brings specific advantages to varied environments. Their integrative capabilities enable businesses to enhance their security postures while benefiting from seamless scalability and management. As cybersecurity threats evolve, these advanced appliances play a vital role in protecting valuable digital assets.
Top Page Image Contents