42-11
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 42 Using the Cisco Unified Communication Wizard
Configuring the UC-IME by using the Unified Communication Wizard
Step 6 Configure the remote-side certificate management, namely the certificates that are exchanged between
the remote server and the adaptive security appliance. This certificate is presented to remote servers so
that they can authenticate the adaptive security appliance as a trusted server. See Configuring the
Remote-Side Certificates for the Cisco Intercompany Media Engine Proxy, page 42-16.
The wizard completes by displaying a summary of the configuration created for the Cisco Intercompany
Media Engine.
Configuring the Topology for the Cisco Intercompany Media Engine Proxy
Step 1 Select the topology of your ICME deployment by click on the following options:
• All Internet traffic flows through the ASA radio button. This option is also referred to as a basic
deployment.
• This ASA is off the path of the regular Internet traffic. This option is also referred to as an off-path
deployment.
Step 2 Click Next.
Basic Deployment
In a basic deployment, the Cisco Intercompany Media Engine Proxy sits in-line with the Internet firewall
such that all Internet traffic traverses the adaptive security appliance. In this deployment, a single Cisco
UCM or a Cisco UCM cluster is centrally deployed within the enterprise, along with a Cisco
Intercompany Media Engine server (and perhaps a backup). A single Internet connection traverses the
adaptive security appliance, which is enabled with the Cisco Intercompany Media Engine Proxy.
The adaptive security appliance sits on the edge of the enterprise and inspects SIP signaling by creating
dynamic SIP trunks between enterprises.
Off-path Deployment
In an off path deployment, inbound and outbound Cisco Intercompany Media Engine calls pass through
an adaptive security appliance enabled with the Cisco Intercompany Media Engine Proxy. The adaptive
security appliance is located in the DMZ and configured to support primarily Cisco Intercompany Media
Engine. Normal Internet facing traffic does not flow through this adaptive security appliance.
For all inbound calls, the signaling is directed to the adaptive security appliance because destined Cisco
UCMs are configured with the global IP address on the adaptive security appliance. For outbound calls,
the called party could be any IP address on the Internet; therefore, the adaptive security appliance is
configured with a mapping service that dynamically provides an internal IP address on the adaptive
security appliance for each global IP address of the called party on the Internet.
Cisco UCM sends all outbound calls directly to the mapped internal IP address on the adaptive security
appliance instead of the global IP address of the called party on the Internet. The adaptive security
appliance then forwards the calls to the global IP address of the called party.
Note When you configure the Cisco Intercompany Media Engine for an off-path deployment, you must ensure
that the public IP addresses and ports of the Cisco Unified Communications Manager servers and the
public IP address for the media termination address are accessible from the Internet. The summary page
of the Unified Communication Wizard reminds you of the requirements.
To Next Page
Loading...
Need help?
General
