Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 51 Configuring Cisco Unified Presence

Configuration Example for Cisco Unified Presence

quit

! for Entity Y’s CA certificate
crypto ca trustpoint ent_y_ca
 enrollment terminal
crypto ca authenticate ent_y_ca
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB
[ certificate data omitted ]
/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==
quit

! Entity X to Entity Y
tls-proxy ent_x_to_y
 server trust-point ent_y_proxy
 client trust-point ent_x_proxy
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

! Entity Y to Entity X
tls-proxy ent_y_to_x
 server trust-point ent_x_proxy
 client trust-point ent_y_proxy
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1

access-list ent_x_to_y extended permit tcp host 10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host 192.0.2.254 host 192.0.2.1 eq 5061

class-map ent_x_to_y
 match access-list ent_x_to_y
class-map ent_y_to_x
 match access-list ent_y_to_x

policy-map type inspect sip sip_inspect
 parameters
 ! SIP inspection parameters

policy-map global_policy
 class ent_x_to_y
  inspect sip sip_inspect tls-proxy ent_x_to_y
 class ent_y_to_x
  inspect sip sip_inspect tls-proxy ent_y_to_x

service-policy global_policy global
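
Both tls-proxy definitions above offer 3des-sha1 and null-sha1 alongside the AES suites, and null-sha1 provides integrity without encryption. The following Python check is an added example, not part of the Cisco guide: it lists the weak suites in each tls-proxy, the policy class that applies it, and a client cipher-suite line with the weak entries removed. The function name, the WEAK table and its des-sha1 and rc4-sha1 entries are assumptions of this example.

```python
import re

# Constructed sample: tls-proxy and policy lines copied from the configuration above.
SAMPLE_CONFIG = """\
tls-proxy ent_x_to_y
 client trust-point ent_x_proxy
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
tls-proxy ent_y_to_x
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
policy-map global_policy
 class ent_x_to_y
  inspect sip sip_inspect tls-proxy ent_x_to_y
 class ent_y_to_x
  inspect sip sip_inspect tls-proxy ent_y_to_x
"""

# Suites treated as weak. The first two appear on this page; des-sha1 and
# rc4-sha1 are further ASA cipher-suite keywords added as a generalization.
WEAK = {
    "null-sha1": "no encryption, integrity only",
    "3des-sha1": "64-bit block cipher, deprecated",
    "des-sha1": "56-bit key",
    "rc4-sha1": "RC4 is prohibited in TLS (RFC 7465)",
}

def audit_tls_proxies(config):
    """Map each tls-proxy to its weak suites, a trimmed suite line, and its users."""
    report, proxy, klass = {}, None, None
    entry = lambda: {"weak": [], "hardened": None, "used_by": []}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"tls-proxy (\S+)", line):
            proxy = m.group(1)
            report.setdefault(proxy, entry())
        elif proxy and line.startswith("client cipher-suite "):
            suites = line.split()[2:]
            strong = [s for s in suites if s not in WEAK]
            report[proxy]["weak"] = [s for s in suites if s in WEAK]
            # None means no acceptable suite was listed; choose suites by hand.
            report[proxy]["hardened"] = (
                "client cipher-suite " + " ".join(strong) if strong else None)
        elif m := re.fullmatch(r"class (\S+)", line):
            klass = m.group(1)
        elif m := re.fullmatch(r"inspect \S+ .*tls-proxy (\S+)", line):
            report.setdefault(m.group(1), entry())["used_by"].append(klass)
    return report

if __name__ == "__main__":
    for name, r in audit_tls_proxies(SAMPLE_CONFIG).items():
        print(name, r["used_by"], r["weak"], "->", r["hardened"])
```

The parser keys on command keywords rather than indentation, so it also accepts configuration text whose leading spaces were lost in copying.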

Example Access List Configuration for XMPP Federation

Example 1: This example access list configuration allows traffic from any address to any address on port 5269:

access-list ALLOW-ALL extended permit tcp any any eq 5269

Example 2: This example access list configuration allows traffic from any address to any single XMPP
federation node on port 5269. The following values are used in this example:

Private XMPP federation Cisco Unified Presence Release 8.0 IP address = 1.1.1.1

XMPP federation listening port = 5269

access-list ALLOW-ALL extended permit tcp any host 1.1.1.1 eq 5269

Example 3: This example access list configuration allows traffic from any address to specific XMPP federation
nodes published in DNS.

Note

The public addresses are published in DNS, but the private addresses are configured in the access-list
command.
