Cisco ASA 5505 Configuration Manual page 1041

Chapter 47 Configuring Cisco Intercompany Media Engine Proxy
Specify the public network settings.
Step 4
Specify the media termination address settings of Cisco UCM.
Step 5
Configure the local-side certificate management, namely the certificates that are exchanged between the
Step 6
local Cisco Unified Communications Manager servers and the adaptive security appliance. The identity
certificate that the wizard generates in this step needs to be installed on each Cisco Unified
Communications Manager (UCM) server in the cluster with the proxy and each identity certificate from
the Cisco UCMs need to be installed on the adaptive security appliance. The certificates are used by the
adaptive security appliance and the Cisco UCMs to authenticate each other, respectively, during TLS
handshakes. The wizard only supports self-signed certificates for this step.
Configure the remote-side certificate management, namely the certificates that are exchanged between
Step 7
the remote server and the adaptive security appliance. In this step, the wizard generates a certificate
signing request (CSR). After successfully generating the identity certificate request for the proxy, the
wizard prompts you to save the file.
You must send the CSR text file to a certificate authority (CA), for example, by pasting the text file into
the CSR enrollment page on the CA website. When the CA returns the Identity Certificate, you must
install it on the adaptive security appliance. This certificate is presented to remote servers so that they
can authenticate the adaptive security appliance as a trusted server.
Finally, this step of the wizard assists you in installing the root certificates of the CA from the remote
servers so that the adaptive security appliance can determine that the remote servers are trusted.
The wizard completes by displaying a summary of the configuration created for Cisco Intercompany
Media Engine. See the Unified Communications Wizard section in this documentation for more
information.
This section describes how to certain options of the show uc-ime command to obtain troubleshooting
information for the Cisco Intercompany Media Engine Proxy. See the Cisco ASA 5500 Series Command
Reference for detailed information about the syntax for these commands.
show uc-ime signaling-sessions
Displays the corresponding SIP signaling sessions stored by the Cisco Intercompany Media Engine
Proxy. Use this command to troubleshoot media or signaling failure. The command also displays the
fallback parameters extracted from the SIP message headers, whether RTP monitoring is enabled or
disabled, and whether SRTP keys are set.
Through the use of the Cisco Intercompany Media Engine Proxy, not only signaling but also media is
secured for communication. It provides signaling encryption and SRTP/RTP conversion with SRTP
enforced on the Internet side. The Cisco Intercompany Media Engine Proxy inserts itself into the media
path by modifying the SIP signaling messages from Cisco UCMs.The Cisco Intercompany Media Engine
Proxy sits on the edge of the enterprise and inspects SIP signaling between SIP trunks created between
enterprises. It terminates TLS signaling from the Internet and initiates TCP or TLS to the local Cisco
UCM.
hostname# show uc-ime signaling-sessions
1 in use, 3 most used
inside 192.168.10.30:39608 outside 10.194.108.118:5070
Local Media (audio) conn: 10.194.108.119/29824 to 10.194.108.109/21558
Remote Media (audio) conn: 192.168.10.51/19520 to 192.168.10.3/30930
Call-ID: ab6d7980-a7d11b08-50-1e0aa8c0@192.168.10.30
FB Sensitivity: 3
Session ID: 2948-32325449-0@81a985c9-f3a1-55a0-3b19-96549a027259
OL-20339-01
Local SRTP key set : Remote SRTP key set
Configuring Cisco Intercompany Media Engine Proxy
Cisco ASA 5500 Series Configuration Guide using ASDM
47-35