Cisco ASA Series Cli Configuration Manual page 1301

Software version 9.0 for the services module

Hide thumbs Also See for ASA Series:

Configuration manual (429 pages)

Getting started (31 pages)

Mount and connect (12 pages)

Table of Contents

Configuring Cisco Unified Presence

! for Entity Y's CA certificate

crypto ca trustpoint ent_y_ca

crypto ca authenticate ent_y_ca

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself

MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB

/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==

! Entity X to Entity Y

tls-proxy ent_x_to_y

! Entity Y to Entity X

tls-proxy ent_y_to_x

access-list ent_x_to_y extended permit tcp host 10.0.0.2 host 192.0.2.254 eq 5061

access-list ent_y_to_x extended permit tcp host 192.0.2.254 host 192.0.2.1 eq 5061

class-map ent_x_to_y

class-map ent_y_to_x

policy-map type inspect sip sip_inspect

policy-map global_policy

service-policy global_policy global

Example Access List Configuration for XMPP Federation

Example 1: This example access list configuration allows from any address to any address on port 5269:

access-list ALLOW-ALL extended permit tcp any any eq 5269

Example 2: This example access list configuration allows from any address to any single XMPP

federation node on port 5269. The following values are used in this example:

access-list ALLOW-ALL extended permit tcp any host 1.1.1.1 eq 5269

Example 3: This example access list configuration allows from any address to specific XMPP federation

nodes published in DNS.

The public addresses are published in DNS, but the private addresses are configured in the access-list

enrollment terminal

[ certificate data omitted ]

server trust-point ent_y_proxy

client trust-point ent_x_cert

client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

server trust-point ent_x_cert

client trust-point ent_y_proxy

client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

match access-list ent_x_to_y

match access-list ent_y_to_x

! SIP inspection parameters

class ent_x_to_y

inspect sip sip_inspect tls-proxy ent_x_to_y

class ent_y_to_x

inspect sip sip_inspect tls-proxy ent_y_to_x

Private XMPP federation Cisco Unified Presence Release 8.0 IP address = 1.1.1.1

XMPP federation listening port = 5269

Configuration Example for Cisco Unified Presence

Cisco ASA Series CLI Configuration Guide

Show Quick Links

Chapters

Table of Contents

Troubleshooting

Cisco ASA Series Cli Configuration Manual page 1301

Hide quick links:

Chapters

Troubleshooting

Related Manuals for Cisco ASA Series

Related Products for Cisco ASA Series

This manual is also suitable for:

Table of Contents