Figure 50-2 – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 50 Configuring Cisco Mobility Advantage

Information about the Cisco Mobility Advantage Proxy Feature

hostname(config)# tls-proxy my_proxy
hostname(config-tlsp)# no server authenticate-client

Figure 50-2 Security Appliance as Firewall with Mobility Advantage Proxy and MMP Inspection

In Figure 50-2, the ASA performs static NAT by translating the Cisco UMA server 10.1.1.2 IP address to 192.0.2.140.

Figure 50-3 shows deployment scenario 2, where the ASA functions as the TLS proxy only and does not function as the corporate firewall. In this scenario, the ASA and the corporate firewall are performing NAT. The corporate firewall will not be able to predict which client from the Internet needs to connect to the corporate Cisco UMA server. Therefore, to support this deployment, you can take the following actions:

Set up a NAT rule for inbound traffic that translates the destination IP address 192.0.2.41 to
172.16.27.41.

Set up an interface PAT rule for inbound traffic translating the source IP address of every packet so
that the corporate firewall does not need to open up a wildcard pinhole. The Cisco UMA server
receives packets with the source IP address 192.0.12.183.

hostname(config)# object network obj-0.0.0.0-01
hostname(config-network-object)# subnet 0.0.0.0 0.0.0.0
hostname(config-network-object)# nat (outside,inside) dynamic 192.0.2.183

See Chapter 30, “Configuring Network Object NAT” and Chapter 31, “Configuring Twice NAT” for information.
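The following is an added example, not part of the Cisco guide: a small Python model of the two scenario 2 NAT rules, showing that every Internet client reaches the Cisco UMA server as one source/destination pair, so the corporate firewall needs a single specific pinhole. The destination-NAT stanza and its object name are assumptions (the page gives that rule only in words), the client addresses are constructed samples, and the PAT address is taken from the page's command (192.0.2.183).

```python
import ipaddress

# Object NAT for scenario 2. The second stanza is the page's own command
# sequence; the first is an ASSUMED form of the destination rule the page
# describes only in words (its object name is hypothetical).
CONFIG = """\
object network obj-172.16.27.41-01
 host 172.16.27.41
 nat (inside,outside) static 192.0.2.41
object network obj-0.0.0.0-01
 subnet 0.0.0.0 0.0.0.0
 nat (outside,inside) dynamic 192.0.2.183
"""

def parse_object_nat(text):
    """Parse 'object network' stanzas into a list of NAT rule dicts."""
    rules, cur = [], None
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["object", "network"]:
            cur = {"name": tok[2]}
        elif not tok or cur is None:
            continue
        elif tok[0] == "host":
            cur["real"] = ipaddress.ip_network(tok[1] + "/32")
        elif tok[0] == "subnet":
            cur["real"] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "nat":
            real_if, mapped_if = tok[1].strip("()").split(",")
            cur.update(real_if=real_if, mapped_if=mapped_if, kind=tok[2],
                       mapped=ipaddress.ip_address(tok[3]))
            rules.append(cur)
    return rules

def translate_inbound(rules, src, dst):
    """Addresses (ports not modelled) of an outside->inside packet after NAT."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["kind"] == "static" and r["mapped_if"] == "outside" and dst == r["mapped"]:
            dst = r["real"].network_address      # destination un-translated
        elif r["kind"] == "dynamic" and r["real_if"] == "outside" and src in r["real"]:
            src = r["mapped"]                    # source hidden behind PAT address
    return str(src), str(dst)

def inside_flows(rules, clients, public_ip):
    """Distinct (source, destination) pairs the corporate firewall must permit."""
    return {translate_inbound(rules, c, public_ip) for c in clients}

RULES = parse_object_nat(CONFIG)
CLIENTS = ["198.51.100.7", "203.0.113.25", "198.51.100.200"]  # constructed samples

if __name__ == "__main__":
    print(inside_flows(RULES, CLIENTS, "192.0.2.41"))
```

Because the source PAT collapses all clients to one address, logs on the Cisco UMA server and the corporate firewall show only that address; per-client attribution has to come from the ASA's own connection and translation logs.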

[Figure 50-2 diagram. Labels: Cisco UMC Client; Mobile Data Network (GPRS Data Channel); PSTN; Voice Channel; MMP/SSL/TLS; Firewall; ASA with TLS Proxy; Cisco UMA Server; Enterprise Services (Active Directory, Exchange, Cisco UCM, Cisco Unified Presence, Voice mail, MP Conference). Address labels: Network 10.1.1.0/24, IP Address 10.1.1.2, Port 5443; Network 10.1.1.0/24, IP Address 10.1.1.1; Hostname cuma.example.com, Network 192.0.2.0/24, IP Address 192.0.2.140, Port 5443.]
