Cisco ASA Series CLI Configuration Manual, page 1286

Software version 9.0 for the services module

Chapter 1: Configuring Cisco Unified Presence

Information About Cisco Unified Presence

Figure 1-1: Typical Cisco Unified Presence/LCS Federation Scenario
[Diagram: Enterprise X (Cisco UCM and Cisco UP servers on the private network; routing proxy (Cisco UP) at 10.0.0.2 on the inside; ASA with 192.0.2.1 on the outside, functioning as TLS proxy, NAT with SIP rewrite, and firewall) connected by SIP over the Internet to Enterprise Y (Access Proxy at 192.0.2.254 in the DMZ; LCS Director, AD, and MOC clients on the private network).]

In the above architecture, the ASA functions as a firewall, NAT, and TLS proxy, which is the
recommended architecture. However, the ASA can also function as NAT and the TLS proxy alone,
working with an existing firewall.

Either server can initiate the TLS handshake (unlike IP Telephony or Cisco Unified Mobility, where only
the clients initiate the TLS handshake). There are bidirectional TLS proxy rules and configuration.
Each enterprise can have an ASA as the TLS proxy.

In Figure 1-1, NAT or PAT can be used to hide the private address of Entity X. In this situation, static
NAT or PAT must be configured for foreign server (Entity Y) initiated connections or the TLS handshake
(inbound). Typically, the public port should be 5061. The following static PAT command is required for
the Cisco UP that accepts inbound connections:

hostname(config)# object network obj-10.0.0.2-01
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5061 5061

The following static PAT must be configured for each Cisco UP that could initiate a connection (by
sending SIP SUBSCRIBE) to the foreign server.

For Cisco UP with the address 10.0.0.2, enter the following command:

hostname(config)# object network obj-10.0.0.2-02
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
hostname(config)# object network obj-10.0.0.2-03
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service udp 5070 5070
hostname(config)# object network obj-10.0.0.2-04
hostname(config-network-object)# host 10.0.0.2
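The static PAT rules above publish inside ports on the shared public address 192.0.2.1, so it helps to inventory them before adding more Cisco UP servers. The following Python audit is an added example, not part of the Cisco guide: it parses object-NAT static PAT stanzas and reports public ports claimed by more than one inside host, which goes beyond the single-server case on this page. The second server 10.0.0.3 and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the page's three complete stanzas in running-config form,
# plus a hypothetical second Cisco UP (10.0.0.3) that reuses public TCP 5062.
SAMPLE_CONFIG = """\
object network obj-10.0.0.2-01
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5061 5061
object network obj-10.0.0.2-02
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
object network obj-10.0.0.2-03
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service udp 5070 5070
object network obj-10.0.0.3-01
 host 10.0.0.3
 nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
"""
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")   # strips "hostname(config)# "
NAT_RE = re.compile(r"nat \(\S+,\S+\) static (\S+) service (tcp|udp) (\d+) (\d+)")

def parse_static_pat(config):
    """Return one dict per object-NAT static PAT rule found in config."""
    rules, name, host = [], None, None
    for raw in config.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if line.startswith("object network "):
            name, host = line.split()[2], None
        elif line.startswith("host "):
            host = line.split()[1]
        elif (m := NAT_RE.match(line)) and name and host:
            rules.append({"object": name, "host": host, "public_ip": m[1],
                          "proto": m[2], "real_port": int(m[3]),
                          "public_port": int(m[4])})
    return rules

def audit(rules, inbound_port=5061):
    """Return (public tuples claimed by >1 inside host, hosts publishing inbound_port)."""
    claims = defaultdict(set)
    for r in rules:
        claims[(r["public_ip"], r["proto"], r["public_port"])].add(r["host"])
    conflicts = {k: sorted(v) for k, v in claims.items() if len(v) > 1}
    inbound = sorted({r["host"] for r in rules
                      if (r["proto"], r["public_port"]) == ("tcp", inbound_port)})
    return conflicts, inbound

if __name__ == "__main__":
    print(audit(parse_static_pat(SAMPLE_CONFIG)))
```

Lines pasted from a CLI session with the `hostname(config)#` prompt are accepted as well, provided each command is on a single line.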
