25-82
Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Chapter 25 Configuring Application Layer Protocol Inspection
TLS Proxy for Encrypted Voice Inspection
Configuring TLS Proxy
The security appliance in Figure 25-5 serves as a proxy for both client and server, with Cisco IP Phone and Cisco Unified CallManager interaction.

Figure 25-5 TLS Proxy Flow
Before configuring TLS proxy, the following prerequisites are required:

• You must set the clock on the security appliance before configuring TLS proxy. To set the clock manually and display the clock, use the clock set and show clock commands. We recommend that the security appliance use the same NTP server as the Cisco Unified CallManager cluster. The TLS handshake may fail due to certificate validation failure if the clock is out of sync between the security appliance and the Cisco Unified CallManager server.
Figure 25-5 message labels (diagram not reproduced), by party: Cisco IP Phone, Cisco ASA, Cisco CallManager.
Cisco IP Phone to Cisco ASA: Client Hello, Client Certificate, Client Key Exchange, Certificate Verify, [Change Cipher Spec], Finished.
Cisco ASA to Cisco IP Phone: (Proxy) Server Hello, (Proxy) Server Certificate, (Proxy) Server Key Exchange, Certificate Request, (Proxy) Server Hello Done, [Change Cipher Spec], Finished.
Cisco ASA to Cisco CallManager: (Proxy) Client Hello, (Proxy) Dynamic Client Certificate, (Proxy) Client Key Exchange, Certificate Verify, [Change Cipher Spec], Finished.
Cisco CallManager to Cisco ASA: Server Hello, Server Certificate, Server Key Exchange, Certificate Request, Server Hello Done, [Change Cipher Spec], Finished.
Application Data on both sides passes through INSPECTION on the Cisco ASA.
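The clock prerequisite can be seen by checking each certificate in the proxied handshake against the clock of the party that validates it. The following is an added example, not code from the Cisco guide: the validity windows and reference time are constructed, and it assumes the appliance stamps the dynamic client certificate's notBefore from its own clock.

```python
from datetime import datetime, timedelta, timezone

def validity_failure(not_before, not_after, verifier_now):
    """Reason a validator rejects the certificate on its own clock, or None."""
    if verifier_now < not_before:
        return "not yet valid"
    if verifier_now > not_after:
        return "expired"
    return None

def check_flow(reference_now, asa_offset):
    """Validate each certificate in the proxied handshake on the clock of the
    party that checks it. asa_offset: appliance clock minus CallManager clock."""
    asa_now = reference_now + asa_offset
    year = timedelta(days=365)
    # Constructed validity windows: (notBefore, notAfter, validating party).
    certs = {
        # Sent by the phone, checked by the appliance.
        "phone client certificate":
            (reference_now - year, reference_now + 4 * year, "asa"),
        # Sent by CallManager, checked by the appliance; issued two hours ago.
        "CallManager server certificate":
            (reference_now - timedelta(hours=2), reference_now + 5 * year, "asa"),
        # Issued by the appliance, checked by CallManager. Assumption: the
        # appliance stamps notBefore from its own clock at issuance.
        "proxy dynamic client certificate":
            (asa_now, asa_now + year, "callmanager"),
    }
    clocks = {"asa": asa_now, "callmanager": reference_now}
    return {name: validity_failure(nb, na, clocks[who])
            for name, (nb, na, who) in certs.items()}

def failing(reference_now, asa_offset):
    """Names of certificates rejected for the given appliance clock offset."""
    results = check_flow(reference_now, asa_offset)
    return sorted(name for name, why in results.items() if why)

if __name__ == "__main__":
    now = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)  # constructed
    for label, offset in [("in sync", timedelta(0)),
                          ("appliance 1 day ahead", timedelta(days=1)),
                          ("appliance 1 day behind", timedelta(days=-1)),
                          ("appliance clock never set", timedelta(days=-3650))]:
        print(f"{label}: {check_flow(now, offset)}")
```

A fast appliance clock breaks the CallManager-facing leg and a slow one breaks the appliance's own validation, so skew in either direction can fail the handshake.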