1-2
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Information About Cisco Unified Communications Proxy Features
  Information About the Adaptive Security Appliance in Cisco Unified Communications
http://www.cisco.com/go/secureuc
TLS Proxy: Decryption and inspection of Cisco Unified Communications encrypted signaling
End-to-end encryption often leaves network security appliances “blind” to media and signaling traffic, 
which can compromise access control and threat prevention security functions. This lack of visibility can 
result in a lack of interoperability between the firewall functions and the encrypted voice, leaving 
businesses unable to satisfy both of their key security requirements. 
The ASA is able to intercept and decrypt encrypted signaling from Cisco encrypted endpoints to the 
Cisco Unified Communications Manager (Cisco UCM), and apply the required threat protection and 
access control. It can also ensure confidentiality by re-encrypting the traffic onto the Cisco UCM servers. 
Typically, the ASA TLS Proxy functionality is deployed in campus unified communications network. 
This solution is ideal for deployments that utilize end to end encryption and firewalls to protect Unified 
Communications Manager servers.
Mobility Proxy: Secure connectivity between Cisco Unified Mobility Advantage server and Cisco Unified 
Mobile Communicator clients
Cisco Unified Mobility solutions include the Cisco Unified Mobile Communicator (Cisco UMC), an 
easy-to-use software application for mobile handsets that extends enterprise communications 
applications and services to mobile phones and the Cisco Unified Mobility Advantage (Cisco UMA) 
server. The Cisco Unified Mobility solution streamlines the communication experience, enabling single 
number reach and integration of mobile endpoints into the Unified Communications infrastructure. 
The security appliance acts as a proxy, terminating and reoriginating the TLS signaling between the 
Cisco UMC and Cisco UMA. As part of the proxy security functionality,  inspection is enabled for the 
Cisco UMA Mobile Multiplexing Protocol (MMP), the protocol between Cisco UMC and Cisco UMA.
Presence Federation Proxy: Secure connectivity between Cisco Unified Presence servers and 
Cisco/Microsoft Presence servers
Cisco Unified Presence solution collects information about the availability and status of users, such as 
whether they are using communication devices, such as IP phones at particular times. It also collects 
information regarding their communications capabilities, such as whether web collaboration or video 
conferencing is enabled. Using user information captured by Cisco Unified Presence, applications such 
as Cisco Unified Personal Communicator and Cisco UCM can improve productivity by helping users 
connect with colleagues more efficiently through determining the most effective way for collaborative 
communication.
Using the ASA as a secure presence federation proxy, businesses can securely connect their Cisco 
Unified Presence (Cisco UP) servers to other Cisco or Microsoft Presence servers, enabling 
intra-enterprise communications. The security appliance terminates the TLS connectivity between the 
servers, and can inspect and apply policies for the SIP communications between the servers. 
Cisco Intercompany Media Engine Proxy: Secure connectivity between Cisco UCM servers in different 
enterprises for IP Phone traffic
As more unified communications are deployed within enterprises, cases where business-to-business calls 
utilize unified communications on both sides with the Public Switched Network (PSTN) in the middle 
become increasingly common. All outside calls go over circuits to telephone providers and from there 
are delivered to all external destinations.
The Cisco Intercompany Media Engine gradually creates dynamic, encrypted VoIP connections between 
businesses, so that a collection of enterprises that work together end up looking like one giant business 
with secure VoIP interconnections between them.