XMPP Federation Deployments – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 51 Configuring Cisco Unified Presence

Information About Cisco Unified Presence

Security Certificate Exchange Between Cisco UP and the Security Appliance

You need to generate the keypair for the certificate (such as cup_proxy_key) used by the ASA, and configure a trustpoint to identify the self-signed certificate sent by the ASA to Cisco UP (such as cup_proxy) in the TLS handshake.

For the ASA to trust the Cisco UP certificate, you need to create a trustpoint to identify the certificate from the Cisco UP (such as cert_from_cup), and specify the enrollment type as terminal to indicate that you will paste the certificate received from the Cisco UP into the terminal.
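
The certificate exchange described above, written out as ASA CLI commands. This is an added example, not configuration taken from the original guide page: the names cup_proxy_key, cup_proxy and cert_from_cup come from the text, while the subject name and the 2048-bit key size are assumptions.

```cisco
! Added example. Names cup_proxy_key, cup_proxy and cert_from_cup come from
! the text; the subject name and key size are assumptions.

! 1. Key pair for the certificate the ASA presents to Cisco UP.
crypto key generate rsa label cup_proxy_key modulus 2048

! 2. Trustpoint for the ASA's self-signed certificate, bound to that key pair.
crypto ca trustpoint cup_proxy
 enrollment self
 fqdn none
 subject-name cn=asa-proxy.example.com
 keypair cup_proxy_key
 exit
crypto ca enroll cup_proxy

! 3. Export the self-signed certificate (PEM) so it can be imported on Cisco UP.
crypto ca export cup_proxy identity-certificate

! 4. Trustpoint for the certificate received from Cisco UP, pasted at the terminal.
crypto ca trustpoint cert_from_cup
 enrollment terminal
 exit
crypto ca authenticate cert_from_cup
! Paste the base64 certificate, end with a line containing only "quit",
! and compare the displayed fingerprint with the one shown on Cisco UP
! before accepting.

! 5. Confirm both trustpoints hold the expected certificates.
show crypto ca certificates
```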

XMPP Federation Deployments

Figure 51-4 provides an example of an XMPP federated network between a Cisco Unified Presence enterprise deployment and an IBM Sametime enterprise deployment. TLS is optional for XMPP federation. The ASA acts only as a firewall for XMPP federation; it does not provide TLS proxy functionality or PAT for XMPP federation.

Figure 51-4 Basic XMPP Federated Network between Cisco Unified Presence and IBM Sametime

There are two DNS servers within the internal Cisco Unified Presence enterprise deployment. One DNS server hosts the Cisco Unified Presence private address. The other DNS server hosts the Cisco Unified Presence public address and the DNS SRV records for SIP federation (_sipfederationtls) and XMPP federation (_xmpp-server) with Cisco Unified Presence. The DNS server that hosts the Cisco Unified Presence public address is located in the local DMZ.

[Figure 51-4 labels: Enterprise X, Enterprise Z, DMZ, private network, Internet; CUCM; CUP (US) and CUP (UK) with inter-cluster communication; IBM Sametime Gateway, IBM Sametime Server, Directory; XMPP clients (Tom, Ann); Sametime clients (Bob, Bill). The ASA (Cisco Adaptive Security Appliance) functions as a firewall with port 5269 open: pass-through for XMPP requests, no termination of connections.]
