
Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
This section contains the following topics:
Task Flow for Configuring Cisco Unified Presence Federation Proxy for SIP Federation, page 1-9
Creating Trustpoints and Generating Certificates, page 1-10
Installing Certificates, page 1-10
Creating the TLS Proxy Instance, page 1-12
Enabling the TLS Proxy for SIP Inspection, page 1-13
Task Flow for Configuring Cisco Unified Presence Federation Proxy for SIP Federation
To configure a Cisco Unified Presence/LCS Federation scenario with the ASA as the TLS proxy where
there is a single Cisco UP that is in the local domain and self-signed certificates are used between the
Cisco UP and the ASA (like the scenario shown in Figure 1-1), perform the following tasks.
Step 1 Create the following static NAT for the local domain containing the Cisco UP.
For the inbound connection to the local domain containing the Cisco UP, create static PAT by entering
the following command:
hostname(config)# object network name
hostname(config-network-object)# host real_ip
hostname(config-network-object)# nat (real_ifc,mapped_ifc) static mapped_ip service {tcp | udp} real_port mapped_port
Note For each Cisco UP that could initiate a connection (by sending SIP SUBSCRIBE) to the foreign
server, you must also configure static PAT by using a different set of PAT ports.
For outbound connections or the TLS handshake, use dynamic NAT or PAT. The ASA SIP inspection
engine takes care of the necessary translation (fixup).
hostname(config)# object network name
hostname(config-network-object)# subnet real_ip netmask
hostname(config-network-object)# nat (real_ifc,mapped_ifc) dynamic mapped_ip
For information about configuring NAT and PAT for the Cisco Presence Federation proxy, see Chapter 1,
“Configuring Network Object NAT” and Chapter 1, “Configuring Twice NAT”.
Step 2 Create the necessary RSA keypairs and proxy certificate, which is a self-signed certificate, for the
remote entity. See Creating Trustpoints and Generating Certificates, page 1-10.
Step 3 Install the certificates. See Installing Certificates, page 1-10.
Step 4 Create the TLS proxy instance for the Cisco UP clients connecting to the Cisco UP server. See Creating
the TLS Proxy Instance, page 1-12.
Step 5 Enable the TLS proxy for SIP inspection. See Enabling the TLS Proxy for SIP Inspection, page 1-13.
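The following filled-in version of the Step 1 NAT commands is an added example, not part of the original guide. All names and values are constructed for illustration: interfaces named inside and outside, two Cisco UP servers at 10.0.0.2 and 10.0.0.3, mapped address 192.0.2.1, and SIP over TLS on TCP port 5061.

```text
! Constructed example values; substitute your own interfaces, addresses and ports.

! Inbound static PAT for the first Cisco UP (real port 5061, mapped port 5061)
object network obj-cup1-sip-tls
 host 10.0.0.2
 nat (inside,outside) static 192.0.2.1 service tcp 5061 5061

! A second Cisco UP that can send SIP SUBSCRIBE to the foreign server.
! It shares the mapped address, so it gets a different mapped port (5062)
! to keep the two static PAT rules from colliding.
object network obj-cup2-sip-tls
 host 10.0.0.3
 nat (inside,outside) static 192.0.2.1 service tcp 5061 5062

! Outbound connections and the TLS handshake: dynamic PAT for the local subnet
object network obj-local-domain
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic 192.0.2.1
```

After the objects are applied, show nat and show xlate list the configured rules and the active translations, which is a quick way to confirm that each Cisco UP has its own mapped port.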
