47-16
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 47 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
Creating Access Lists for Cisco Intercompany Media Engine Proxy
To configure access lists for the Cisco Intercompany Media Engine Proxy to reach the Cisco UCM
server, perform the following steps.
The example command lines in this task are based on a basic (in-line) deployment. See Figure 47-6 on
page 47-11 for an illustration explaining the example command lines in this task.
Command Purpose
Step 1
hostname(config)# access-list id extended permit tcp
any host ip_address eq port
Example:
hostname(config)# access-list incoming extended
permit tcp any host 192.168.10.30 eq 5070
Adds an Access Control Entry (ACE). An access list
is made up of one or more ACEs with the same
access list ID. This ACE provides access control by
allowing incoming access for Cisco Intercompany
Media Engine connections on the specified port.
In the ip_address argument, provide the real IP
address of Cisco UCM.
Step 2
hostname(config)# access-group access-list in
interface interface_name
Example:
hostname(config)# access-group incoming in interface
outside
Binds the access list to an interface.
Step 3
hostname(config)# access-list id extended permit tcp
any host ip_address eq port
Example:
hostname(config)# access-list ime-inbound-sip
extended permit tcp any host 192.168.10.30 eq 5070
Adds an ACE. This ACE allows the adaptive
security appliance to allow inbound SIP traffic for
Cisco Intercompany Media Engine. This entry is
used to classify traffic for the class and policy map.
Note The port that you configure here must match
the trunk settings configured on Cisco UCM.
See the Cisco Unified Communications
Manager documentation for information
about this configuration setting.
Step 4
hostname(config)# access-list id extended permit tcp
ip_address mask any range range
Example:
hostname(config)# access-list ime-outbound-sip
extended permit tcp 192.168.10.30 255.255.255.255
any range 5000 6000
Adds an ACE. This ACE allows the adaptive
security appliance to allow outbound SIP traffic for
Cisco Intercompany Media Engine (in the example,
any TCP traffic with source as 192.168.10.30 and
destination port range between 5000 and 6000). This
entry is used to classify traffic for the class and
policy map.
Note Ensure that TCP traffic between Cisco UCM
and the Cisco Intercompany Media Engine
server does not use this port range (if that
connection goes through the adaptive
security appliance).
To Next Page
Loading...
Need help?
General
