Cisco ASA 5505 Configuration Manual page 992

Information about the Cisco Mobility Advantage Proxy Feature

Figure 45-1 MMP Stack

[Figure 45-1: protocol stack, top to bottom: OML / HTTP / etc.; MMP; TLS/SSL; TCP; IP]

The TCP/TLS default port is 5443. There are no embedded NAT or secondary connections.

Cisco UMA client and server communications can be proxied via TLS, which decrypts the data, passes it to the inspect MMP module, and re-encrypts the data before forwarding it to the endpoint. The inspect MMP module verifies the integrity of the MMP headers and passes the OML/HTTP to an appropriate handler. The adaptive security appliance takes the following actions on the MMP headers and data:

• Verifies that client MMP headers are well-formed. Upon detection of a malformed header, the TCP session is terminated.
• Verifies that client-to-server MMP header lengths are not exceeded. If an MMP header length is exceeded (4096), then the TCP session is terminated.
• Verifies that client-to-server MMP content lengths are not exceeded. If an entity content length is exceeded (4096), the TCP session is terminated.

Note: 4096 is the value currently used in MMP implementations.

Because MMP headers and entities can be split across packets, the adaptive security appliance buffers data to ensure consistent inspection. The SAPI (stream API) handles data buffering for pending inspection opportunities. MMP header text is treated as case insensitive, and a space is present between header text and values. Reclaiming of MMP state is performed by monitoring the state of the TCP connection.

Mobility Advantage Proxy Deployment Scenarios

Figure 45-2 and Figure 45-3 show the two deployment scenarios for the TLS proxy used by the Cisco Mobility Advantage solution. In scenario 1 (the recommended deployment architecture), the adaptive security appliance functions as both the firewall and TLS proxy. In scenario 2, the adaptive security appliance functions as the TLS proxy only and works with an existing firewall. In both scenarios, the clients connect from the Internet.

In the scenario 1 deployment, the adaptive security appliance is between a Cisco UMA client and a Cisco UMA server. The Cisco UMA client is an executable that is downloaded to each smartphone. The Cisco UMA client application establishes a data connection, which is a TLS connection, to the corporate Cisco UMA server. The adaptive security appliance intercepts the connections and inspects the data that the client sends to the Cisco UMA server.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, Chapter 45 Configuring Cisco Mobility Advantage, page 45-2
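The three header checks and the packet-buffering behaviour described for the inspect MMP module, as an added example that is not code from this manual or from Cisco: a small Python model of a stream-buffering header inspector. The page does not describe the MMP wire format, so the example assumes HTTP-style "Name: value" lines terminated by CRLF, a blank line ending the header block, and a Content-Length header carrying the entity size; it also assumes that a length strictly greater than 4096 counts as "exceeded". The names MmpInspector and inspect_segments, and the sample streams, are the example's own.

```python
import re

# Limits named on the page ("4096 is the value currently used in MMP
# implementations"). Treating strictly-greater-than as "exceeded" is an
# assumption; the page does not say whether the bound is inclusive.
MAX_HEADER_LEN = 4096
MAX_CONTENT_LEN = 4096

# ASSUMPTION: headers modelled as HTTP-style "Name: value" lines ending in
# CRLF, with an empty line closing the header block and the entity size in
# Content-Length. The real MMP framing is not described on the page.
_HEADER_RE = re.compile(rb"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+): (.*)$")


class MmpInspector:
    """Stream-oriented header inspector: call feed() with each TCP payload in
    order. Data is buffered so a header split across packets is checked once
    it is complete, and the session is 'terminated' on the first failure."""

    def __init__(self):
        self.buf = b""
        self.headers = {}        # lowercased name -> value (case-insensitive)
        self.in_headers = True
        self.terminated = False
        self.reason = ""

    def _terminate(self, reason):
        self.terminated = True
        self.reason = reason
        return False

    def feed(self, chunk):
        """Return True if the session may continue, False if it was terminated."""
        if self.terminated:
            return False
        self.buf += chunk
        while self.in_headers:
            end = self.buf.find(b"\r\n")
            if end < 0:
                # Incomplete header line: keep buffering, but a partial line that
                # already exceeds the limit is rejected without waiting for CRLF,
                # which also keeps the buffer bounded.
                if len(self.buf) > MAX_HEADER_LEN:
                    return self._terminate("header length exceeded")
                return True
            line, self.buf = self.buf[:end], self.buf[end + 2:]
            if not line:                      # blank line ends the header block
                self.in_headers = False
                break
            if len(line) > MAX_HEADER_LEN:
                return self._terminate("header length exceeded")
            m = _HEADER_RE.match(line)
            if m is None:
                return self._terminate("malformed header")
            self.headers[m.group(1).lower()] = m.group(2)
        # Header block complete: enforce the declared entity length.
        length = self.headers.get(b"content-length", b"0")
        if not length.isdigit():
            return self._terminate("malformed header")
        if int(length) > MAX_CONTENT_LEN:
            return self._terminate("content length exceeded")
        return True


def inspect_segments(segments):
    """Run constructed TCP payloads through one inspector.
    Returns (allowed, reason); reason is "" when nothing was rejected."""
    insp = MmpInspector()
    for seg in segments:
        if not insp.feed(seg):
            return False, insp.reason
    return True, ""


if __name__ == "__main__":
    # Constructed sample streams, not captured traffic.
    samples = {
        "split across packets": [b"Content-Len", b"gth: 5\r\nx-op: ", b"ping\r\n\r\nhello"],
        "malformed header":     [b"no colon here\r\n\r\n"],
        "oversized header":     [b"X-Big: " + b"a" * 4090],
        "oversized entity":     [b"CONTENT-LENGTH: 5000\r\n\r\n"],
    }
    for name, segs in samples.items():
        print(f"{name:22} -> {inspect_segments(segs)}")
```

The partial-line check inside feed() is the point worth noting: a peer that withholds the line terminator must not be able to make the proxy buffer without bound, so the header-length limit is applied to the unterminated tail as well as to each completed line. Header names are lowercased before storage so that the Content-Length lookup behaves case insensitively, matching the page's statement that header text is treated as case insensitive.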
