Cisco ASA 5505 Configuration Manual page 1009
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Chapter 47
Configuring Cisco Intercompany Media Engine Proxy
Information About Cisco Intercompany Media Engine Proxy
On successful verification, the terminating side creates a ticket that grants permission to the call
originator to make a Cisco IME call to a specific number. See
Tickets and Passwords, page 47-3
for
information.
Figure 47-1
Interaction of the UC-IME Proxy with the PSTN
Enterprise A
Enterprise B
UC-IME
UC-IME
Server
Server
IP
IP
Cisco UCM
Cisco UCM
Public
Internet
M
M
IP
ASA
ASA
IP
PSTN
Tickets and Passwords
Cisco Intercompany Media Engine utilizes tickets and passwords to provide enterprise verification.
Verification through the creation of tickets ensures an enterprise is not subject to denial-of-service
(DOS) attacks from the Internet or endless VoIP spam calls. Ticket verification prevents spam and DOS
attacks because it introduces a cost to the VoIP caller; namely, the cost of a PSTN call. A malicious user
cannot set up just an open source asterisk PBX on the Internet and begin launching SIP calls into an
enterprise running Cisco Intercompany Media Engine. Having the Cisco Intercompany Media Engine
Proxy verify tickets allows incoming calls from a particular enterprise to a particular number only when
that particular enterprise has previously called that phone number on the PSTN.
To send a spam VoIP call to every phone within an enterprise, an organization would have to purchase
the Cisco Intercompany Media Engine and Cisco Unified Communications Manager and have called
each phone number within the enterprise over the PSTN and completed each call successfully. Only then
can it launch a VoIP call to each number.
The Cisco Intercompany Media Engine server creates tickets and the adaptive security appliance
validates them. The adaptive security appliance and Cisco Intercompany Media Engine server share a
password that is configured so that the adaptive security appliance detects the ticket was created by a
trusted Cisco Intercompany Media Engine server. The ticket contains information that indicates that the
enterprise is authorized to call specific phone numbers at the target enterprise. See
Figure 47-2
for the
ticket verification process and how it operates between the originating and terminating-call enterprises.
Because the initial calls are over the PSTN, they are subject to any national regulations regarding
Note
telemarketing calling. For example, within the United States, they would be subject to the national
do-not-call registry.
Cisco ASA 5500 Series Configuration Guide using ASDM
47-3
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
