Figure 51-1, Depicts a cisco u – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 51 Configuring Cisco Unified Presence

Information About Cisco Unified Presence

Figure 51-1 Typical Cisco Unified Presence/LCS Federation Scenario

In the above architecture, the ASA functions as a firewall, NAT device, and TLS proxy, which is the
recommended architecture. However, the ASA can also function as NAT and the TLS proxy alone,
working with an existing firewall.

Either server can initiate the TLS handshake (unlike IP Telephony or Cisco Unified Mobility, where only
the clients initiate the TLS handshake). The TLS proxy rules and configuration are bidirectional.
Each enterprise can have an ASA as the TLS proxy.

In Figure 51-1, NAT or PAT can be used to hide the private address of Entity X. In this situation, static
NAT or PAT must be configured for connections or TLS handshakes initiated by the foreign server
(Entity Y), that is, inbound. Typically, the public port should be 5061. The following static PAT command is
required for the Cisco UP that accepts inbound connections:

hostname(config)# object network obj-10.0.0.2-01
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5061 5061

The following static PAT must be configured for each Cisco UP that could initiate a connection (by
sending SIP SUBSCRIBE) to the foreign server.

For Cisco UP with the address 10.0.0.2, enter the following command:

hostname(config)# object network obj-10.0.0.2-02
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
hostname(config)# object network obj-10.0.0.2-03
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service udp 5070 5070
hostname(config)# object network obj-10.0.0.2-04
hostname(config-network-object)# host 10.0.0.2
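A consistency check for the static PAT rules above, as an added example that is not part of the Cisco guide: it parses `object network` blocks and reports objects with no static PAT line, mapped address/port pairs claimed by more than one object, and a missing inbound tcp/5061 rule. The function names and the sample configuration (the commands above with prompts stripped, the fourth object left as it appears on this page) are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: the object/NAT commands shown on this page, prompts stripped.
SAMPLE_CONFIG = """\
object network obj-10.0.0.2-01
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5061 5061
object network obj-10.0.0.2-02
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
object network obj-10.0.0.2-03
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service udp 5070 5070
object network obj-10.0.0.2-04
 host 10.0.0.2
"""

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) static (\S+) service (tcp|udp) (\d+) (\d+)$")

def parse_objects(config):
    """Return {object name: {"host": str|None, "nat": tuple|None}} (hypothetical helper)."""
    objects, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"^\S*\(config[^)]*\)#\s*", "", raw.strip())  # drop a CLI prompt if present
        if line.startswith("object network "):
            current = objects.setdefault(line.split()[2], {"host": None, "nat": None})
        elif current is not None and line.startswith("host "):
            current["host"] = line.split()[1]
        elif current is not None and (m := NAT_RE.match(line)):
            current["nat"] = (m[3], m[4], int(m[5]), int(m[6]))  # mapped IP, proto, real port, mapped port
    return objects

def audit(config, inbound_port=5061):
    """List findings: objects lacking a rule, mapped-port clashes, missing inbound PAT."""
    objects, findings, seen = parse_objects(config), [], defaultdict(list)
    for name, obj in objects.items():
        if obj["nat"] is None:
            findings.append(f"{name}: host {obj['host']} has no static PAT rule")
        else:
            ip, proto, _real, mapped = obj["nat"]
            seen[(ip, proto, mapped)].append(name)
    for (ip, proto, port), names in seen.items():
        if len(names) > 1:
            findings.append(f"{ip} {proto}/{port} mapped by several objects: {', '.join(names)}")
    published = {o["nat"][3] for o in objects.values() if o["nat"] and o["nat"][1] == "tcp"}
    if inbound_port not in published:
        findings.append(f"no static PAT publishes tcp/{inbound_port} for inbound TLS handshakes")
    return findings
```

Run `audit()` on the output of `show running-config object` and `show running-config nat` combined into one text; an empty list means every object has a rule, no mapped port is reused, and tcp/5061 is published.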

[Figure 51-1 diagram, image not reproduced. Labels: Enterprise X and Enterprise Y, each with a private network and a DMZ; Cisco UP and Cisco UCM pairs (US, UK, HK); Routing Proxy (Cisco UP); ASA 8.0.4 between Inside and Outside, functioning as TLS proxy, NAT with SIP rewrite, and firewall; SIP across the Internet; Access Proxy, LCS Director, LCS, and AD; clients MOC (Yao), UC (Ann), Orative (Ann), IPPM (Ann), MOC (Zak); addresses 10.0.0.2, 192.0.2.1, 192.0.2.254.]
