Off path deployment – Cisco ASA 5505 User Manual
Page 1095
52-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 52 Configuring Cisco Intercompany Media Engine Proxy
Information About Cisco Intercompany Media Engine Proxy
Figure 52-4
Basic Deployment Scenario
Off Path Deployment
In an off path deployment, inbound and outbound Cisco Intercompany Media Engine calls pass through
an adaptive security appliance enabled with the Cisco Intercompany Media Engine Proxy. The adaptive
security appliance is located in the DMZ and is configured to support only the Cisco Intercompany
Media Engine traffic (SIP signaling and RTP traffic). Normal Internet facing traffic does not flow
through this adaptive security appliance.
For all inbound calls, the signaling is directed to the adaptive security appliance because destined Cisco
UCMs are configured with the global IP address on the adaptive security appliance. For outbound calls,
the called party could be any IP address on the Internet; therefore, the adaptive security appliance is
configured with a mapping service that dynamically provides an internal IP address on the adaptive
security appliance for each global IP address of the called party on the Internet.
Cisco UCM sends all outbound calls directly to the mapped internal IP address on the adaptive security
appliance instead of the global IP address of the called party on the Internet. The adaptive security
appliance then forwards the calls to the global IP address of the called party.
illustrates the architecture of the Cisco Intercompany Media Engine in an off path
deployment.
Enterprise A
Cisco UCM
M
ASA Enabled
with UC-IME Proxy
Internet
SIP Trunk
Enterprise B
IP
IP
Cisco UCM
M
ASA Enabled
with UC-IME Proxy
24
8
762
UC-IME
Bootstrap Server
UC-IME
Server
PSTN Gateway
PSTN Gateway
PSTN
IP
IP
UC-IME
Server
V
V