Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Cisco Unified Presence
Information About Cisco Unified Presence
Figure 1-1 Typical Cisco Unified Presence/LCS Federation Scenario
In the above architecture, the ASA functions as a firewall, NAT, and TLS proxy, which is the
recommended architecture. However, the ASA can also function as NAT and the TLS proxy alone,
working with an existing firewall.
Either server can initiate the TLS handshake (unlike IP Telephony or Cisco Unified Mobility, where only
the clients initiate the TLS handshake). The TLS proxy rules and configuration are bidirectional.
Each enterprise can have an ASA as the TLS proxy.
In Figure 1-1, NAT or PAT can be used to hide the private address of Entity X. In this situation, static
NAT or PAT must be configured for foreign server (Entity Y) initiated connections or the TLS handshake
(inbound). Typically, the public port should be 5061. The following static PAT command is required for
the Cisco UP that accepts inbound connections:
hostname(config)# object network obj-10.0.0.2-01
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5061 5061
The following static PAT must be configured for each Cisco UP that could initiate a connection (by
sending SIP SUBSCRIBE) to the foreign server.
For Cisco UP with the address 10.0.0.2, enter the following command:
hostname(config)# object network obj-10.0.0.2-02
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
hostname(config)# object network obj-10.0.0.2-03
hostname(config-network-object)# host 10.0.0.2
hostname(config-network-object)# nat (inside,outside) static 192.0.2.1 service udp 5070 5070
hostname(config)# object network obj-10.0.0.2-04
hostname(config-network-object)# host 10.0.0.2
[Figure 1-1 (image not reproduced; labels only): Enterprise X (Cisco UP, Cisco UCM, private network, ASA 8.0.4) and Enterprise Y (LCS, AD, DMZ) exchange SIP across the Internet. The ASA sits between Inside and Outside and functions as TLS proxy, NAT with SIP rewrite, and firewall. Addresses shown: 10.0.0.2, 192.0.2.1, 192.0.2.254.]
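An added example, not part of the Cisco guide: a small Python audit that parses `object network` blocks in the form shown above, lists the services published through static PAT, and flags object blocks that define a host but no `nat` statement as well as published ports outside an expected set. The sample config and the `EXPECTED` set are constructed from the commands on this page, and the function names are hypothetical.

```python
import re

# Constructed sample in the format shown above; obj-10.0.0.2-04 is left
# without a nat line, as in the excerpt.
SAMPLE = """\
object network obj-10.0.0.2-01
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5061 5061
object network obj-10.0.0.2-02
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5062 5062
object network obj-10.0.0.2-03
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service udp 5070 5070
object network obj-10.0.0.2-04
 host 10.0.0.2
"""

# Assumption: the services this page names for Cisco UP 10.0.0.2.
EXPECTED = {("tcp", 5061), ("tcp", 5062), ("udp", 5070)}

# nat (real_ifc,mapped_ifc) static mapped_ip service proto real_port mapped_port
NAT_RE = re.compile(
    r"nat \((\S+),(\S+)\) static (\S+) service (tcp|udp) (\d+) (\d+)")

def parse_objects(config):
    """Return {object_name: {"host": str|None, "nat": [dict, ...]}}."""
    objects, current = {}, None
    for raw in config.splitlines():
        # Accept lines pasted with or without the CLI prompt.
        line = re.sub(r"^hostname\(config[^)]*\)#\s*", "", raw.strip())
        if line.startswith("object network "):
            current = objects.setdefault(line.split()[2], {"host": None, "nat": []})
        elif current is not None and line.startswith("host "):
            current["host"] = line.split()[1]
        elif current is not None and (m := NAT_RE.match(line)):
            current["nat"].append({"mapped_ip": m[3], "proto": m[4],
                                   "real_port": int(m[5]), "mapped_port": int(m[6])})
    return objects

def audit(config, expected=EXPECTED):
    """Return (published, incomplete, unexpected) for review."""
    objs = parse_objects(config)
    published = {(n["proto"], n["mapped_port"])
                 for o in objs.values() for n in o["nat"]}
    incomplete = sorted(name for name, o in objs.items() if o["host"] and not o["nat"])
    return published, incomplete, sorted(published - expected)

if __name__ == "__main__":
    print(audit(SAMPLE))
```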
