EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1001 background imageLoading...
Page #1001 background image
46-3
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 46 Configuring Cisco Unified Presence
Information About Cisco Unified Presence
hostname(config)# static (inside,outside) tcp 192.0.2.1 45062 10.0.0.3 5062 netmask
255.255.255.255
hostname(config)# static (inside,outside) udp 192.0.2.1 45070 10.0.0.3 5070 netmask
255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 5070 10.0.0.2 5070 netmask
255.255.255.255
hostname(config)# static (inside,outside) tcp 192.0.2.1 45060 10.0.0.3 5060 netmask
255.255.255.255
Dynamic NAT or PAT can be used for the rest of the outbound connections or the TLS handshake. The
adaptive security appliance SIP inspection engine takes care of the necessary translation (fixup).
hostname(config)# global (outside) 102 192.0.2.1 netmask 255.255.255.255
hostname(config)# nat (inside) 102 0.0.0.0 0.0.0.0
Figure 46-2 illustrates an abstracted scenario with Entity X connected to Entity Y through the presence
federation proxy on the adaptive security appliance. The proxy is in the same administrative domain as
Entity X. Entity Y could have another adaptive security appliance as the proxy but this is omitted for
simplicity.
Figure 46-2 Abstracted Presence Federation Proxy Scenario between Two Server Entities
For the Entity X domain name to be resolved correctly when the adaptive security appliance holds its
credential, the adaptive security appliance could be configured to perform NAT for Entity X, and the
domain name is resolved as the Entity X public address for which the adaptive security appliance
provides proxy service.
For further information about configuring Cisco Unified Presence Federation for SIP Federation, see the
Integration Guide for Configuring Cisco Unified Presence for Interdomain Federation.:
http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_list.ht
ml
Trust Relationship in the Presence Federation
Within an enterprise, setting up a trust relationship is achievable by using self-signed certificates or you
can set it up on an internal CA.
Establishing a trust relationship cross enterprises or across administrative domains is key for federation.
Cross enterprises you must use a trusted third-party CA (such as, VeriSign). The adaptive security
appliance obtains a certificate with the FQDN of the Cisco UP (certificate impersonation).
271638
SIP/TLS
Internet
Entity X Entity Y
Enterprise X Enterprise Y
ASA
TLS Proxy
192.0.2.1
192.0.2.2
192.0.2.25410.0.0.2
10.0.0.1
OutsideInside
Enterprise Y Firewall omitted

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals