Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 451

    Page 451 17-21 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Configuring the Phone Proxy NoteIf NAT is configured for the TFTP server, the NAT configuration must be configured prior to specifying the TFTP server while creating the Phone Proxy instance. Step 4In the TFTP Server IP Address field, specify the address of the TFTP server. Create the TFTP server using the actual internal IP address. Step 5(Optional) In the Port field, specify the port the... 
     
17-21
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Configuring the Phone Proxy
NoteIf NAT is configured for the TFTP server, the NAT configuration must be configured prior to specifying 
the TFTP server while creating the Phone Proxy instance. 
Step 4In the TFTP Server IP Address field, specify the address of the TFTP server. Create the TFTP server 
using the actual internal IP address. 
Step 5(Optional) In the Port field, specify the port the...

    Page 452

    Page 452 17-22 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 17 Configuring the Cisco Phone Proxy Feature History for the Phone Proxy Step 4Click Save Settings. Port forwarding is configured. Feature History for the Phone Proxy Table 17-3 lists the release history for this feature. Table 17-2 Port Forwarding Values to Add to Router Application Start End Protocol IP Address Enabled IP phone 1024 65535 UDPPhone IP addressChecked TFTP 69 69 UDPPhone IP addressChecked Table 17-3 Feature... 
     
17-22
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 17      Configuring the Cisco Phone Proxy
  Feature History for the Phone Proxy
Step 4Click Save Settings. Port forwarding is configured.
Feature History for the Phone Proxy
Table 17-3 lists the release history for this feature.
Table 17-2 Port Forwarding Values to Add to Router
Application Start End Protocol IP Address Enabled
IP phone 1024 65535 UDPPhone IP addressChecked
TFTP 69 69 UDPPhone IP addressChecked
Table 17-3 Feature...

    Page 453

    Page 453 CH A P T E R 18-1 Cisco ASA Series Firewall ASDM Configuration Guide 18 Configuring the TLS Proxy for Encrypted Voice Inspection This chapter describes how to configure the ASA for the TLS Proxy for Encrypted Voice Inspection feature. This chapter includes the following sections: Information about the TLS Proxy for Encrypted Voice Inspection, page 18-1 Licensing for the TLS Proxy, page 18-4 Prerequisites for the TLS Proxy for Encrypted Voice Inspection, page 18-6 Configuring the TLS Proxy for... 
    CH A P T E R
 
18-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
18
Configuring the TLS Proxy for Encrypted Voice 
Inspection
This chapter describes how to configure the ASA for the TLS Proxy for Encrypted Voice Inspection 
feature.
This chapter includes the following sections: 
Information about the TLS Proxy for Encrypted Voice Inspection, page 18-1
Licensing for the TLS Proxy, page 18-4
Prerequisites for the TLS Proxy for Encrypted Voice Inspection, page 18-6
Configuring the TLS Proxy for...

    Page 454

    Page 454 18-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection Information about the TLS Proxy for Encrypted Voice Inspection Figure 18-1 TLS Proxy Flow Decryption and Inspection of Unified Communications Encrypted Signaling With encrypted voice inspection, the security appliance decrypts, inspects and modifies (as needed, for example, performing NAT fixup), and re-encrypts voice signaling traffic while all of the existing VoIP... 
     
18-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  Information about the TLS Proxy for Encrypted Voice Inspection
Figure 18-1 TLS Proxy Flow
Decryption and Inspection of Unified Communications Encrypted Signaling 
With encrypted voice inspection, the security appliance decrypts, inspects and modifies (as needed, for 
example, performing NAT fixup), and re-encrypts voice signaling traffic while all of the existing VoIP...

    Page 455

    Page 455 18-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection Information about the TLS Proxy for Encrypted Voice Inspection proxy, the CTL file must contain the certificate that the security appliance creates for the Cisco UCMs. To proxy calls on behalf of the Cisco IP Phone, the security appliance presents a certificate that the Cisco UCM can verify, which is a Local Dynamic Certificate for the phone, issued by the certificate... 
     
18-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  Information about the TLS Proxy for Encrypted Voice Inspection
proxy, the CTL file must contain the certificate that the security appliance creates for the Cisco UCMs. 
To proxy calls on behalf of the Cisco IP Phone, the security appliance presents a certificate that the Cisco 
UCM can verify, which is a Local Dynamic Certificate for the phone, issued by the certificate...

    Page 456

    Page 456 18-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection Licensing for the TLS Proxy Cisco Unified Wireless IP Phone 7925 Cisco IP Communicator (CIPC) for softphones Licensing for the TLS Proxy The TLS proxy for encrypted voice inspection feature supported by the ASA require a Unified Communications Proxy license. The following table shows the Unified Communications Proxy license details by platform: NoteThis feature is... 
     
18-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  Licensing for the TLS Proxy
Cisco Unified Wireless IP Phone 7925 
Cisco IP Communicator (CIPC) for softphones 
Licensing for the TLS Proxy 
The TLS proxy for encrypted voice inspection feature supported by the ASA require a Unified 
Communications Proxy license. 
The following table shows the Unified Communications Proxy license details by platform:
NoteThis feature is...

    Page 457

    Page 457 18-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection Licensing for the TLS Proxy Table 18-1 shows the default and maximum TLS session details by platform. For more information about licensing, see Chapter 5, “Managing Feature Licenses for Cisco ASA Version 7.1,” in the general operations configuration guide. ASA 5585-X with SSP-20, -40, or -60Base License: 2 sessions. Optional licenses: 24, 50, 100, 250, 500, 750, 1000,... 
     
18-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  Licensing for the TLS Proxy
Table 18-1 shows the default and maximum TLS session details by platform. 
For more information about licensing, see Chapter 5, “Managing Feature Licenses for Cisco ASA 
Version 7.1,” in the general operations configuration guide. ASA 5585-X with 
SSP-20, -40, or -60Base License: 2 sessions.
Optional licenses: 24, 50, 100, 250, 500, 750, 1000,...

    Page 458

    Page 458 18-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection Prerequisites for the TLS Proxy for Encrypted Voice Inspection Prerequisites for the TLS Proxy for Encrypted Voice Inspection Before configuring TLS proxy, the following prerequisites are required: You must set clock on the security appliance before configuring TLS proxy. To set the clock manually and display clock, use the clock set and show clock commands. We recommend... 
     
18-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  Prerequisites for the TLS Proxy for Encrypted Voice Inspection
Prerequisites for the TLS Proxy for Encrypted Voice Inspection
Before configuring TLS proxy, the following prerequisites are required:
You must set clock on the security appliance before configuring TLS proxy. To set the clock 
manually and display clock, use the clock set and show clock commands. We recommend...

    Page 459

    Page 459 18-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection CTL Provider Client Details—Lists the name and IP address of the client. –Interface Name—Lists the defined interface name. –IP Address—Lists the defined interface IP address. Certificate Name—Lists the certificate to be exported. Add—Adds a CTL Provider. Edit—Edits a CTL Provider. Delete—Deletes a CTL Provider. Add/Edit CTL Provider The Add/Edit CTL Provider dialog box... 
     
18-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  CTL Provider
Client Details—Lists the name and IP address of the client.
–Interface Name—Lists the defined interface name.
–IP Address—Lists the defined interface IP address.
Certificate Name—Lists the certificate to be exported.
Add—Adds a CTL Provider.
Edit—Edits a CTL Provider.
Delete—Deletes a CTL Provider.
Add/Edit CTL Provider
The Add/Edit CTL Provider dialog box...

    Page 460

    Page 460 18-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 18 Configuring the TLS Proxy for Encrypted Voice Inspection CTL Provider Configure TLS Proxy Pane NoteThis feature is not supported for the Adaptive Security Appliance version 8.1.2. You can configure the TLS Proxy from the Configuration > Firewall > Unified Communications > TLS Proxy pane. Configuring a TLS Proxy lets you use the TLS Proxy to enable inspection of SSL encrypted VoIP signaling, namely Skinny and SIP, interacting... 
     
18-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 18      Configuring the TLS Proxy for Encrypted Voice Inspection
  CTL Provider
Configure TLS Proxy Pane
NoteThis feature is not supported for the Adaptive Security Appliance version 8.1.2.
You can configure the TLS Proxy from the Configuration > Firewall > Unified Communications > TLS 
Proxy pane.
Configuring a TLS Proxy lets you use the TLS Proxy to enable inspection of SSL encrypted VoIP 
signaling, namely Skinny and SIP, interacting...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals