Cisco ASA Series Cli Configuration Manual page 1273
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring Cisco Mobility Advantage
Figure 1-1
Mobile Data
Network (GPRS
Data Channel)
Cisco UMC Client
In
Figure
192.0.2.140.
Figure 1-2
function as the corporate firewall. In this scenario, the ASA and the corporate firewall are performing
NAT. The corporate firewall will not be able to predict which client from the Internet needs to connect
to the corporate Cisco UMA server. Therefore, to support this deployment, you can take the following
actions:
•
Set up a NAT rule for inbound traffic that translates the destination IP address 192.0.2.41 to
172.16.27.41.
•
Set up an interface PAT rule for inbound traffic translating the source IP address of every packet so
that the corporate firewall does not need to open up a wildcard pinhole. The Cisco UMA server
receives packets with the source IP address 192.0.12.183.
hostname(config)# object network obj-0.0.0.0-01
hostname(config-network-object)# subnet 0.0.0.0 0.0.0.0
hostname(config-network-object)# nat (outside,inside) dynamic 192.0.2.183
See
information.
Note
Security Appliance as Firewall with Mobility Advantage Proxy and MMP Inspection
MMP/SSL/TLS
cuma.example.com
Network: 192.0.2.0/24
IP Address: 192.0.2.140
PSTN
Voice Channel
1-1, the ASA performs static NAT by translating the Cisco UMA server 10.1.1.2 IP address to
shows deployment scenario 2, where the ASA functions as the TLS proxy only and does not
Chapter 1, "Configuring Network Object NAT"
This interface PAT rule converges the Cisco UMA client IP addresses on the outside interface of
the ASA into a single IP address on the inside interface by using different source ports.
Performing this action is often referred as "outside PAT". "Outside PAT" is not recommended
when TLS proxy for Cisco Mobility Advantage is enabled on the same interface of the ASA with
phone proxy, Cisco Unified Presence, or any other features involving application inspection.
"Outside PAT" is not supported completely by application inspection when embedded address
translation is needed.
Information about the Cisco Mobility Advantage Proxy Feature
Network:
10.1.1.0/24
IP Address:
10.1.1.2
Port: 5443
ASA with
TLS Proxy
MMP/SSL/TLS
Hostname:
Network:
10.1.1.0/24
IP Address:
10.1.1.1
Port: 5443
and
Chapter 1, "Configuring Twice NAT"
Cisco ASA Series CLI Configuration Guide
Enterprise Services
Active Directory
Exchange
Cisco Unified
Presence
Cisco UMA
Voice mail
Server
MP
Conference
M
Cisco UCM
for
1-3
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
