Cisco ASA 5505 User Manual
Page 1104
52-16
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 52 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
Creating Access Lists for Cisco Intercompany Media Engine Proxy
To configure access lists for the Cisco Intercompany Media Engine Proxy to reach the Cisco UCM
server, perform the following steps.
The example command lines in this task are based on a basic (in-line) deployment. See
Figure 52-6 on
page 52-11
for an illustration explaining the example command lines in this task.
Command
Purpose
Step 1
hostname(config)# access-list id extended permit tcp
any
host ip_address eq port
Example:
hostname(config)# access-list incoming extended
permit tcp any host 192.168.10.30 eq 5070
Adds an Access Control Entry (ACE). An access list
is made up of one or more ACEs with the same
access list ID. This ACE provides access control by
allowing incoming access for Cisco Intercompany
Media Engine connections on the specified port.
In the ip_address argument, provide the real IP
address of Cisco UCM.
Step 2
hostname(config)# access-group access-list in
interface
interface_name
Example:
hostname(config)# access-group incoming in interface
outside
Binds the access list to an interface.
Step 3
hostname(config)# access-list id extended permit tcp
any
host ip_address eq port
Example:
hostname(config)# access-list ime-inbound-sip
extended permit tcp any host 192.168.10.30 eq 5070
Adds an ACE. This ACE allows the ASA to allow
inbound SIP traffic for Cisco Intercompany Media
Engine. This entry is used to classify traffic for the
class and policy map.
Note
The port that you configure here must match
the trunk settings configured on Cisco UCM.
See the Cisco Unified Communications
Manager documentation for information
about this configuration setting.
Step 4
hostname(config)# access-list id extended permit tcp
ip_address mask any range range
Example:
hostname(config)# access-list ime-outbound-sip
extended permit tcp 192.168.10.30 255.255.255.255
any range 5000 6000
Adds an ACE. This ACE allows the ASA to allow
outbound SIP traffic for Cisco Intercompany Media
Engine (in the example, any TCP traffic with source
as 192.168.10.30 and destination port range between
5000 and 6000). This entry is used to classify traffic
for the class and policy map.
Note
Ensure that TCP traffic between Cisco UCM
and the Cisco Intercompany Media Engine
server does not use this port range (if that
connection goes through the ASA).
Step 5
hostname(config)# access-list id permit tcp any host
ip_address eq 6084
Example:
hostname(config)# access-list ime-traffic permit tcp
any host 192.168.10.12 eq 6084
Adds an ACE. This ACE allows the ASA to allow
traffic from the Cisco Intercompany Media Engine
server to remote Cisco Intercompany Media Engine
servers.
Step 6
hostname(config)# access-list id permit tcp any host
ip_address eq 8470
Example:
hostname(config)# access-list ime-bootserver-traffic
permit tcp any host 192.168.10.12 eq 8470
Adds an ACE. This ACE allows the ASA to allow
traffic from the Cisco Intercompany Media Engine
server to the Bootstrap server for the Cisco
Intercompany Media Engine.