Cisco ASA 5505 Configuration Manual page 1037

Chapter 47 Configuring Cisco Intercompany Media Engine Proxy
(Optional) Configuring Off Path Signaling
Perform this task only when you are configuring the Cisco Intercompany Media Engine Proxy as part of
an off path deployment. You might choose to have an off path deployment when you want to use the
Cisco Intercompany Media Engine but do not want to replace your existing Internet firewall with an
adaptive security appliance enabled with the Cisco Intercompany Media Engine Proxy.
In an off path deployment, normal Internet facing trafficflows through the existing Internet firewall while
the Cisco Intercompany Media Engine traffic flows through the adaptive security appliance enabled with
the Cisco Intercompany Media Engine Proxy.
Off path signaling requires that outside IP addresses translate to an inside IP address. The inside
interface address can be used for this mapping service configuration. For the Cisco Intercompany Media
Engine Proxy, the adaptive security appliance creates dynamic mappings for external addresses to the
internal IP address; therefore, using the dynamic NAT configuration on outbound calls, Cisco UCM
sends SIP traffic to this internal IP address, and the adaptive security appliance uses that mapping to
determine the real destination on inbound calls. The static NAT or PAT mapping is used for inbound calls
in an off path configuration.
Figure 47-9
Local Enterprise
Local Cisco UCM
After you configure off path signaling, the adaptive security appliance mapping service listens on
interface "inside" for requests. When it receives a request, it creates a dynamic mapping for the "outside"
as the destination interface.
To configure off path signaling for the Cisco Intercompany Media Engine Proxy, perform the following
steps:
Command
Step 1
hostname(config)# object network name
Example:
hostname(config)# object network outside-any
Step 2
hostname(config-network-object)# subnet ip_address
Example:
hostname(config-network-object)# subnet 0.0.0.0
0.0.0.0
Step 3
hostname(config-network-object)# nat inside dynamic
interface
OL-20339-01
Example for Configuring Off Path Signaling in an Off Path Deployment
ASA inside interface
192.168.10.1
M
TCP
Corporate
Network
IP
IP
IP
Configuring Cisco Intercompany Media Engine Proxy
OUTSIDE 0.0.0.0 0.0.0.0
192.168.10.1
TLS
Local ASA Outside Cisco UCM address
209.165.200.228
Purpose
For the off path adaptive security appliance, creates
a network object to represent all outside addresses.
Specifies the IP address of the subnet.
Creates a mapping for the Cisco UCM of remote
enterprises.
Cisco ASA 5500 Series Configuration Guide using ASDM
ip_address:port
Internet
47-31