15-6
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 15 Information About Cisco Unified Communications Proxy Features
Licensing for Cisco Unified Communications Proxy Features
Table 15-2 shows the default and maximum TLS session details by platform.
The following table shows the Unified Communications Proxy license details by platform for
intercompany media engine proxy:
Note This feature is not available on No Payload Encryption models.
For more information about licensing, see Chapter 5, “Managing Feature Licenses,” in the general
operations configuration guide.
Table 15-2 Default and Maximum TLS Sessions on the Security Appliance
Security Appliance Platform Default TLS Sessions Maximum TLS Sessions
ASA 5505 10 80
ASA 5510 100 200
ASA 5520 300 1200
ASA 5540 1000 4500
ASA 5550 2000 4500
ASA 5580 4000 13,000
Model License Requirement
All models Intercompany Media Engine license.
When you enable the Intercompany Media Engine (IME) license, you can use TLS proxy sessions up
to the configured TLS proxy limit. If you also have a Unified Communications (UC) license installed
that is higher than the default TLS proxy limit, then the ASA sets the limit to be the UC license limit
plus an additional number of sessions depending on your model. You can manually configure the TLS
proxy limit using the Configuration > Firewall > Unified Communications > TLS Proxy pane. If
you also install the UC license, then the TLS proxy sessions available for UC are also available for
IME sessions. For example, if the configured limit is 1000 TLS proxy sessions, and you purchase a
750-session UC license, then the first 250 IME sessions do not affect the sessions available for UC. If
you need more than 250 sessions for IME, then the remaining 750 sessions of the platform limit are
used on a first-come, first-served basis by UC and IME.
• For a license part number ending in “K8”, TLS proxy sessions are limited to 1000.
• For a license part number ending in “K9”, the TLS proxy limit depends on your configuration and
the platform model.
Note K8 and K9 refer to whether the license is restricted for export: K8 is unrestricted, and K9 is
restricted.
You might also use SRTP encryption sessions for your connections:
• For a K8 license, SRTP sessions are limited to 250.
• For a K9 license, there is no limit.
Note Only calls that require encryption/decryption for media are counted toward the SRTP limit; if
passthrough is set for the call, even if both legs are SRTP, they do not count toward the limit.