Cisco ASA 5505 Configuration Manual page 1000

Information About Cisco Unified Presence
Figure 46-1: Typical Cisco Unified Presence/LCS Federation Scenario
[Diagram not reproduced. Labels: Enterprise X private network (Cisco UCM, Cisco UP, Routing Proxy (Cisco UP), 10.0.0.2) and DMZ; ASA 8.0.4 (Inside/Outside, 192.0.2.1), which functions as TLS proxy, NAT with SIP rewrite, and firewall; SIP over the Internet; Enterprise Y DMZ (Access Proxy, 192.0.2.254) and private network (LCS Director, LCS, AD, MOC clients).]

In the above architecture, the adaptive security appliance functions as a firewall, NAT, and TLS proxy, which is the recommended architecture. However, the adaptive security appliance can also function as NAT and the TLS proxy alone, working with an existing firewall.

Either server can initiate the TLS handshake (unlike IP Telephony or Cisco Unified Mobility, where only the clients initiate the TLS handshake). The TLS proxy rules and configuration are therefore bidirectional. Each enterprise can have an adaptive security appliance as the TLS proxy.

In Figure 46-1, NAT or PAT can be used to hide the private address of Entity X. In this situation, static NAT or PAT must be configured for foreign server (Entity Y) initiated connections or the TLS handshake (inbound). Typically, the public port should be 5061. The following static PAT command is required for the Cisco UP that accepts inbound connections:

hostname(config)# static (inside,outside) tcp 192.0.2.1 5061 10.0.0.2 5061 netmask 255.255.255.255

The following static PAT must be configured for each Cisco UP that could initiate a connection (by sending SIP SUBSCRIBE) to the foreign server.

For Cisco UP with the address 10.0.0.2, enter the following commands:

hostname(config)# static (inside,outside) tcp 192.0.2.1 5062 10.0.0.2 5062 netmask 255.255.255.255
hostname(config)# static (inside,outside) udp 192.0.2.1 5070 10.0.0.2 5070 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5060 10.0.0.2 5060 netmask 255.255.255.255

For another Cisco UP with the address 10.0.0.3, you must use a different set of PAT ports, such as 45062 or 45070:

hostname(config)# static (inside,outside) tcp 192.0.2.1 45061 10.0.0.3 5061 netmask 255.255.255.255

Cisco ASA 5500 Series Configuration Guide using ASDM, page 46-2
Chapter 46: Configuring Cisco Unified Presence (OL-20339-01)
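
An audit of static PAT rules like those above, added here as an example that is not part of the Cisco guide: it parses the static (inside,outside) lines, reports any public port forwarded to more than one Cisco UP, and lists servers that lack the tcp 5062, udp 5070 and tcp 5060 mappings. The last sample rule is constructed to show a collision, and treating every server in the config as a possible initiator is an assumption.

```python
import re
from collections import defaultdict

# ASA static PAT line as written on this page; \s+ tolerates wrapped lines.
STATIC_RE = re.compile(
    r"static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<pub_ip>\S+)\s+(?P<pub_port>\d+)\s+(?P<real_ip>\S+)\s+(?P<real_port>\d+)\s+"
    r"netmask\s+(?P<mask>\S+)"
)

# Real-side ports the page lists for a Cisco UP that initiates connections.
INITIATOR_PORTS = {("tcp", 5062), ("udp", 5070), ("tcp", 5060)}

def parse(config):
    """Yield one dict per static PAT rule; all other text is ignored."""
    for m in STATIC_RE.finditer(config):
        rule = m.groupdict()
        rule["pub_port"], rule["real_port"] = int(rule["pub_port"]), int(rule["real_port"])
        yield rule

def audit(config):
    """Return (collisions, missing) for the static PAT rules in config."""
    by_public = defaultdict(set)  # (proto, public ip, public port) -> real hosts
    by_host = defaultdict(set)    # real host -> {(proto, real port)}
    for r in parse(config):
        by_public[(r["proto"], r["pub_ip"], r["pub_port"])].add(r["real_ip"])
        by_host[r["real_ip"]].add((r["proto"], r["real_port"]))
    collisions = {k: sorted(v) for k, v in by_public.items() if len(v) > 1}
    # Assumption: every server in the config may initiate connections.
    missing = {h: sorted(INITIATOR_PORTS - p) for h, p in by_host.items()
               if INITIATOR_PORTS - p}
    return collisions, missing

# The page's five rules plus one constructed rule (last line) that reuses
# public tcp/5062 for a second server.
SAMPLE = """
hostname(config)# static (inside,outside) tcp 192.0.2.1 5061 10.0.0.2 5061 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5062 10.0.0.2 5062 netmask 255.255.255.255
hostname(config)# static (inside,outside) udp 192.0.2.1 5070 10.0.0.2 5070 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5060 10.0.0.2 5060 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 45061 10.0.0.3 5061 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5062 10.0.0.3 5062 netmask 255.255.255.255
"""

if __name__ == "__main__":
    collisions, missing = audit(SAMPLE)
    for (proto, ip, port), hosts in collisions.items():
        print(f"collision: {proto} {ip}:{port} -> {', '.join(hosts)}")
    for host, ports in missing.items():
        print(f"{host}: no static PAT for {ports}")
```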
