Cisco Systems and the ASA Services Module Network Router User Manual


 
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 19 Configuring Cisco Unified Presence
Configuration Example for Cisco Unified Presence
quit
! for Entity Y’s CA certificate
crypto ca trustpoint ent_y_ca
 enrollment terminal
crypto ca authenticate ent_y_ca
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB
[ certificate data omitted ]
/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==
quit
! Entity X to Entity Y
tls-proxy ent_x_to_y
 server trust-point ent_y_proxy
 client trust-point ent_x_cert
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
! Entity Y to Entity X
tls-proxy ent_y_to_x
 server trust-point ent_x_cert
 client trust-point ent_y_proxy
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
access-list ent_x_to_y extended permit tcp host 10.0.0.2 host 192.0.2.254 eq 5061
access-list ent_y_to_x extended permit tcp host 192.0.2.254 host 192.0.2.1 eq 5061
class-map ent_x_to_y
 match access-list ent_x_to_y
class-map ent_y_to_x
 match access-list ent_y_to_x
policy-map type inspect sip sip_inspect
 parameters
 ! SIP inspection parameters
policy-map global_policy
 class ent_x_to_y
  inspect sip sip_inspect tls-proxy ent_x_to_y
 class ent_y_to_x
  inspect sip sip_inspect tls-proxy ent_y_to_x
service-policy global_policy global
Example ACL Configuration for XMPP Federation
Example 1: This ACL configuration allows traffic from any address to any address on port 5269:
access-list ALLOW-ALL extended permit tcp any any eq 5269
Example 2: This ACL configuration allows traffic from any address to a single XMPP federation node on port 5269. The following values are used in this example:
Private XMPP federation Cisco Unified Presence Release 8.0 IP address = 1.1.1.1
XMPP federation listening port = 5269
access-list ALLOW-ALL extended permit tcp any host 1.1.1.1 eq 5269
Example 3: This ACL configuration allows traffic from any address to specific XMPP federation nodes published in DNS.
Note: The public addresses are published in DNS, but the private addresses are configured in the access-list command.
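An added example, not part of the Cisco guide: a short Python audit that reads configuration lines like those above and reports the client cipher suites that give weak or no encryption (3des-sha1, null-sha1) and every permit entry whose source is `any`, with how wide its destination is. The function names and the sample input (built from lines on this page) are assumptions of this example, and only well-formed entries of the form `permit tcp <src> <dst> eq <port>` are handled.

```python
import re

# Cipher keywords from the page's "client cipher-suite" lines that give weak or no confidentiality.
WEAK_CIPHERS = {"null-sha1": "no encryption", "3des-sha1": "legacy 64-bit block cipher"}

def parse_endpoint(tokens):
    """Consume one ACL address spec from tokens; return (text, is_any)."""
    first = tokens.pop(0)
    if first == "any":
        return "any", True
    if first == "host":
        return f"host {tokens.pop(0)}", False
    return f"{first} {tokens.pop(0)}", False  # network address followed by mask

def audit(config):
    """Return (line_number, message) findings for the given configuration text."""
    findings, proxy = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"tls-proxy (\S+)$", line)
        if m:
            proxy = m.group(1)  # remember which proxy the following subcommands belong to
        elif line.startswith("client cipher-suite ") and proxy:
            for cipher in line.split()[2:]:
                if cipher in WEAK_CIPHERS:
                    findings.append((n, f"tls-proxy {proxy}: {cipher} ({WEAK_CIPHERS[cipher]})"))
        else:
            m = re.match(r"access-list (\S+) extended permit tcp (.+) eq (\d+)$", line)
            if m:
                tokens = m.group(2).split()
                _, src_any = parse_endpoint(tokens)
                dst, dst_any = parse_endpoint(tokens)
                if src_any:  # source is unrestricted; report how wide the destination is
                    scope = "any destination" if dst_any else dst
                    findings.append((n, f"ACL {m.group(1)}: any source to {scope} on tcp/{m.group(3)}"))
    return findings

# Sample input: lines copied from the configuration on this page.
SAMPLE = """\
tls-proxy ent_x_to_y
 server trust-point ent_y_proxy
 client trust-point ent_x_cert
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1
access-list ent_x_to_y extended permit tcp host 10.0.0.2 host 192.0.2.254 eq 5061
access-list ALLOW-ALL extended permit tcp any any eq 5269
access-list ALLOW-ALL extended permit tcp any host 1.1.1.1 eq 5269
"""

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```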