Optional) configuring off path signaling – Cisco ASA 5505 User Manual

52-30

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 52 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

(Optional) Configuring Off Path Signaling

Perform this task only when you are configuring the Cisco Intercompany Media Engine Proxy as part of
an off path deployment. You might choose to have an off path deployment when you want to use the
Cisco Intercompany Media Engine but do not want to replace your existing Internet firewall with an ASA
enabled with the Cisco Intercompany Media Engine Proxy.

In an off path deployment, the existing firewall that you have deployed in your environment is not
capable of transmitting Cisco Intercompany Media Engine traffic.

Off path signaling requires that outside IP addresses translate to an inside IP address. The inside
interface address can be used for this mapping service configuration. For the Cisco Intercompany Media
Engine Proxy, the ASA creates dynamic mappings for external addresses to the internal IP address;
therefore, using the dynamic NAT configuration on outbound calls, Cisco UCM sends SIP traffic to this
internal IP address, and the ASA uses that mapping to determine the real destination on inbound calls.
The static NAT or PAT mapping is used for inbound calls in an off path configuration.

Figure 52-9

Example for Configuring Off Path Signaling in an Off Path Deployment

After you configure off path signaling, the ASA mapping service listens on interface “inside” for
requests. When it receives a request, it creates a dynamic mapping for the “outside” as the destination
interface.

To configure off path signaling for the Cisco Intercompany Media Engine Proxy, perform the following
steps:

Local Cisco UCM

Local ASA

Remote ASA

10.10.0.24

Corporate

Network

Local Enterprise

IP

IP

IP

TCP

M

OUTSIDE 0.0.0.0 0.0.0.0

24

8

766

192.168.10.30

Outside Cisco UCM address

209.165.200.228

TLS

Internet

192.168.10.1

ip_address:port

ASA inside interface

192.168.10.1

Command

Purpose

Step 1

hostname(config)# object network name

Example:

hostname(config)# object network outside-any

For the off path ASA, creates a network object to
represent all outside addresses.

Step 2

hostname(config-network-object)# subnet ip_address

Example:

hostname(config-network-object)# subnet 0.0.0.0

0.0.0.0

Specifies the IP address of the subnet.

Step 3

hostname(config-network-object)# nat

(outside,inside) dynamic interface inside

Creates a mapping for the Cisco UCM of remote
enterprises.

Step 4

hostname(config-network-object)# exit

Exits from the objects configuration mode.