47-31
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 47 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
(Optional) Configuring Off Path Signaling
Perform this task only when you are configuring the Cisco Intercompany Media Engine Proxy as part of
an off path deployment. You might choose to have an off path deployment when you want to use the
Cisco Intercompany Media Engine but do not want to replace your existing Internet firewall with an
adaptive security appliance enabled with the Cisco Intercompany Media Engine Proxy.
In an off path deployment, normal Internet facing trafficflows through the existing Internet firewall while
the Cisco Intercompany Media Engine traffic flows through the adaptive security appliance enabled with
the Cisco Intercompany Media Engine Proxy.
Off path signaling requires that outside IP addresses translate to an inside IP address. The inside
interface address can be used for this mapping service configuration. For the Cisco Intercompany Media
Engine Proxy, the adaptive security appliance creates dynamic mappings for external addresses to the
internal IP address; therefore, using the dynamic NAT configuration on outbound calls, Cisco UCM
sends SIP traffic to this internal IP address, and the adaptive security appliance uses that mapping to
determine the real destination on inbound calls. The static NAT or PAT mapping is used for inbound calls
in an off path configuration.
Figure 47-9 Example for Configuring Off Path Signaling in an Off Path Deployment
After you configure off path signaling, the adaptive security appliance mapping service listens on
interface “inside” for requests. When it receives a request, it creates a dynamic mapping for the “outside”
as the destination interface.
To configure off path signaling for the Cisco Intercompany Media Engine Proxy, perform the following
steps:
Local Cisco UCM
Local ASA
Corporate
Network
Local Enterprise
IP
IP
IP
TCP
M
OUTSIDE 0.0.0.0 0.0.0.0
248766
ASA inside interface
192.168.10.1
Outside Cisco UCM address
209.165.200.228
TLS
Internet
192.168.10.1
ip_address:port
Command Purpose
Step 1
hostname(config)# object network name
Example:
hostname(config)# object network outside-any
For the off path adaptive security appliance, creates
a network object to represent all outside addresses.
Step 2
hostname(config-network-object)# subnet ip_address
Example:
hostname(config-network-object)# subnet 0.0.0.0
0.0.0.0
Specifies the IP address of the subnet.
Step 3
hostname(config-network-object)# nat inside dynamic
interface
Creates a mapping for the Cisco UCM of remote
enterprises.
To Next Page
Loading...
Need help?
General
