Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
56-30
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 56 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
(Optional) Configuring Off Path Signaling
Perform this task only when you are configuring the Cisco Intercompany Media Engine Proxy as part of
an off path deployment. You might choose to have an off path deployment when you want to use the
Cisco Intercompany Media Engine but do not want to replace your existing Internet firewall with an ASA
enabled with the Cisco Intercompany Media Engine Proxy.
In an off path deployment, the existing firewall that you have deployed in your environment is not
capable of transmitting Cisco Intercompany Media Engine traffic.
Off path signaling requires that outside IP addresses translate to an inside IP address. The inside
interface address can be used for this mapping service configuration. For the Cisco Intercompany Media
Engine Proxy, the ASA creates dynamic mappings for external addresses to the internal IP address;
therefore, using the dynamic NAT configuration on outbound calls, Cisco UCM sends SIP traffic to this
internal IP address, and the ASA uses that mapping to determine the real destination on inbound calls.
The static NAT or PAT mapping is used for inbound calls in an off path configuration.
Figure 56-9 Example for Configuring Off Path Signaling in an Off Path Deployment
After you configure off path signaling, the ASA mapping service listens on interface “inside” for
requests. When it receives a request, it creates a dynamic mapping for the “outside” as the destination
interface.
To configure off path signaling for the Cisco Intercompany Media Engine Proxy, perform the following
steps:
Local Cisco UCM
Local ASA
Remote ASA
10.10.0.24
Corporate
Network
Local Enterprise
IP
IP
IP
TCP
M
OUTSIDE 0.0.0.0 0.0.0.0
248766
192.168.10.30
Outside Cisco UCM address
209.165.200.228
TLS
Internet
192.168.10.1
ip_address:port
ASA inside interface
192.168.10.1
Command Purpose
Step 1
hostname(config)# object network name
Example:
hostname(config)# object network outside-any
For the off path ASA, creates a network object to
represent all outside addresses.
Step 2
hostname(config-network-object)# subnet ip_address
Example:
hostname(config-network-object)# subnet 0.0.0.0
0.0.0.0
Specifies the IP address of the subnet.
Step 3
hostname(config-network-object)# nat
(outside,inside) dynamic interface inside
Creates a mapping for the Cisco UCM of remote
enterprises.
Step 4
hostname(config-network-object)# exit
Exits from the objects configuration mode.