Cisco ASA 5505 Configuration Manual page 926

Licensing for Cisco Unified Communications Proxy Features
•
•
•
For the Cisco Unified Mobility solution, the TLS client is a Cisco UMA client and the TLS server is a
Cisco UMA server. The adaptive security appliance is between a Cisco UMA client and a Cisco UMA
server. The mobility proxy (implemented as a TLS proxy) for Cisco Unified Mobility allows the use of
an imported PKCS-12 certificate for server proxy during the handshake with the client. Cisco UMA
clients are not required to present a certificate (no client authentication) during the handshake.
For the Cisco Unified Presence solution, the adaptive security appliance acts as a TLS proxy between
the Cisco UP server and the foreign server. This allows the adaptive security appliance to proxy TLS
messages on behalf of the server that initiates the TLS connection, and route the proxied TLS messages
to the client. The adaptive security appliance stores certificate trustpoints for the server and the client,
and presents these certificates on establishment of the TLS session.
Licensing for Cisco Unified Communications Proxy Features
The Cisco Unified Communications proxy features supported by the adaptive security appliance require
a Unified Communications Proxy license:
•
•
•
•
In Version 8.2(2) and later, the Mobility Advantage proxy no longer requires a Unified Communications
Note
Proxy license.
The following table shows the Unified Communications Proxy license details by platform for the phone
proxy, TLS proxy for encrypted voice inspection, and presence federation proxy:
Model License Requirement
ASA 5505 Base License and Security Plus License: 2 sessions
Optional license: 24 sessions.
ASA 5510 Base License and Security Plus License: 2 sessions
Optional licenses: 24, 50, or 100 sessions.
ASA 5520 Base License: 2 sessions
Optional licenses: 24, 50, 100, 250, 500, 750, or 1000 sessions.
ASA 5540 Base License: 2 sessions
Optional licenses: 24, 50, 100, 250, 500, 750, 1000, or 2000 sessions.
Cisco ASA 5500 Series Configuration Guide using ASDM
41-4
The TLS proxy decrypts the packets, sends packets to the inspection engine for NAT rewrite and
protocol conformance, optionally encrypts packets, and sends them to Cisco UCM or sends them in
clear text if the IP phone is configured to be in nonsecure mode on the Cisco UCM.
The adaptive security appliance acts as a media terminator as needed and translates between SRTP
and RTP media streams.
The TLS proxy is a transparent proxy that works based on establishing trusted relationship between
the TLS client, the proxy (the adaptive security appliance), and the TLS server.
Phone proxy
TLS proxy for encrypted voice inspection
Presence federation proxy
Intercompany media engine proxy
1
.
1
.
Chapter 41 Information About Cisco Unified Communications Proxy Features
1
.
1
.
OL-20339-01