Cisco ASA 5505 Configuration Manual page 1001

Chapter 46 Configuring Cisco Unified Presence
Information About Cisco Unified Presence
hostname(config)# static (inside,outside) tcp 192.0.2.1 45062 10.0.0.3 5062 netmask
255.255.255.255
hostname(config)# static (inside,outside) udp 192.0.2.1 45070 10.0.0.3 5070 netmask
255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5070 10.0.0.2 5070 netmask
255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 45060 10.0.0.3 5060 netmask
255.255.255.255
Dynamic NAT or PAT can be used for the rest of the outbound connections or the TLS handshake. The
adaptive security appliance SIP inspection engine takes care of the necessary translation (fixup).
hostname(config)# global (outside) 102 192.0.2.1 netmask 255.255.255.255
hostname(config)# nat (inside) 102 0.0.0.0 0.0.0.0
Figure 46-2 illustrates an abstracted scenario with Entity X connected to Entity Y through the presence
federation proxy on the adaptive security appliance. The proxy is in the same administrative domain as
Entity X. Entity Y could have another adaptive security appliance as the proxy but this is omitted for
simplicity.
Figure 46-2 Abstracted Presence Federation Proxy Scenario between Two Server Entities
Enterprise X Enterprise Y
Inside Outside
ASA SIP/TLS
Entity X Entity Y
Internet
TLS Proxy
10.0.0.2 10.0.0.1 192.0.2.1 192.0.2.254
192.0.2.2
Enterprise Y Firewall omitted
For the Entity X domain name to be resolved correctly when the adaptive security appliance holds its
credential, the adaptive security appliance could be configured to perform NAT for Entity X, and the
domain name is resolved as the Entity X public address for which the adaptive security appliance
provides proxy service.
For further information about configuring Cisco Unified Presence Federation for SIP Federation, see the
Integration Guide for Configuring Cisco Unified Presence for Interdomain Federation.:
http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_list.ht
ml
Trust Relationship in the Presence Federation
Within an enterprise, setting up a trust relationship is achievable by using self-signed certificates or you
can set it up on an internal CA.
Establishing a trust relationship cross enterprises or across administrative domains is key for federation.
Cross enterprises you must use a trusted third-party CA (such as, VeriSign). The adaptive security
appliance obtains a certificate with the FQDN of the Cisco UP (certificate impersonation).
Cisco ASA 5500 Series Configuration Guide using ASDM
46-3
OL-20339-01