
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 45 Configuring Cisco Mobility Advantage
Information about the Cisco Mobility Advantage Proxy Feature
The TLS proxy for the Cisco Mobility Advantage solution does not support client
authentication because the Cisco UMA client cannot present a certificate.
Figure 45-2 Security Appliance as Firewall with Mobility Advantage Proxy and MMP Inspection
In Figure 45-2, the adaptive security appliance performs static NAT by translating the Cisco UMA server
IP address 10.1.1.2 to 192.0.2.140.
Figure 45-3 shows deployment scenario 2, where the adaptive security appliance functions as the TLS
proxy only and does not function as the corporate firewall. In this scenario, the adaptive security
appliance and the corporate firewall are performing NAT. The corporate firewall will not be able to
predict which client from the Internet needs to connect to the corporate Cisco UMA server. Therefore,
to support this deployment, you can take the following actions:
• Set up a NAT rule for inbound traffic that translates the destination IP address 192.0.2.41 to
  172.16.27.41.
• Set up an interface PAT rule for inbound traffic translating the source IP address of every packet so
  that the corporate firewall does not need to open up a wildcard pinhole. The Cisco UMA server
  receives packets with the source IP address 192.0.12.183.
See Chapter 27, “Configuring Network Object NAT” and Chapter 28, “Configuring Twice NAT” for
information.
Note: This interface PAT rule converges the Cisco UMA client IP addresses on the outside interface of
the adaptive security appliance into a single IP address on the inside interface by using different
source ports. Performing this action is often referred to as “outside PAT”. “Outside PAT” is not
recommended when TLS proxy for Cisco Mobility Advantage is enabled on the same interface
of the adaptive security appliance with phone proxy, Cisco Unified Presence, or any other
features involving application inspection. “Outside PAT” is not supported completely by
application inspection when embedded address translation is needed.
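
The effect of the two NAT rules above, as an added Python model that is not part of the Cisco guide and is not ASA code: it shows the corporate firewall needing to permit only 192.0.12.183, and how a source port recorded at the Cisco UMA server maps back to the real client. Port 5443 (taken from the Figure 45-2 labels), the sample client addresses, and all class and function names are assumptions.

```python
import ipaddress

# Addresses are the ones the text gives for deployment scenario 2.
PUBLIC_UMA = ipaddress.ip_address("192.0.2.41")    # destination the clients connect to
REAL_UMA = ipaddress.ip_address("172.16.27.41")    # Cisco UMA server after destination NAT
PAT_ADDR = ipaddress.ip_address("192.0.12.183")    # source address after interface PAT
UMA_PORT = 5443  # assumption: port shown for the UMA server in Figure 45-2


class AsaModel:
    """Toy model of the two NAT rules; does not reproduce ASA port allocation."""

    def __init__(self, first_port=1024):
        self._next_port = first_port
        self.xlate = {}    # (client_ip, client_port) -> mapped source port
        self.reverse = {}  # mapped source port -> (client_ip, client_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, outside_pat=True):
        """Return (src_ip, src_port, dst_ip, dst_port) as seen behind the ASA, or None."""
        if ipaddress.ip_address(dst_ip) != PUBLIC_UMA or dst_port != UMA_PORT:
            return None  # not matched by the destination NAT rule
        if not outside_pat:
            return (src_ip, src_port, str(REAL_UMA), dst_port)
        key = (src_ip, src_port)
        if key not in self.xlate:  # one mapped source port per client flow
            self.xlate[key] = self._next_port
            self.reverse[self._next_port] = key
            self._next_port += 1
        return (str(PAT_ADDR), self.xlate[key], str(REAL_UMA), dst_port)

    def original_client(self, mapped_port):
        """Map a source port seen at the UMA server back to the real client."""
        return self.reverse.get(mapped_port)


def firewall_sources(flows):
    """Distinct source IPs the corporate firewall must permit toward the UMA server."""
    return {f[0] for f in flows if f is not None}


# Constructed sample clients (documentation ranges); two share the same source port.
CLIENTS = [("198.51.100.7", 40000), ("203.0.113.9", 40000), ("203.0.113.55", 51515)]


def run(outside_pat):
    asa = AsaModel()
    flows = [asa.inbound(ip, p, "192.0.2.41", UMA_PORT, outside_pat) for ip, p in CLIENTS]
    return asa, flows
```

With outside PAT every session reaches the Cisco UMA server from 192.0.12.183, so attributing a session to a client depends on the translation records kept at the adaptive security appliance.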
[Figure 45-2 diagram. Labels: Cisco UMC client; mobile data network (GPRS data channel); PSTN; voice channel; MMP/SSL/TLS; ASA with TLS proxy; firewall; Cisco UMA server; enterprise services (Cisco UCM, Cisco Unified Presence, Exchange, Active Directory, voice mail, conference). Address labels: network 10.1.1.0/24, IP address 10.1.1.2, port 5443; network 10.1.1.0/24, IP address 10.1.1.1; hostname cuma.example.com, network 192.0.2.0/24, IP address 192.0.2.140, port 5443.]
