Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 471

    Page 471 CH A P T E R 19-1 Cisco ASA Series Firewall ASDM Configuration Guide 19 Configuring Cisco Mobility Advantage This chapter describes how to configure the ASA for Cisco Unified Communications Mobility Advantage Proxy features. This chapter includes the following sections: Information about the Cisco Mobility Advantage Proxy Feature, page 19-1 Licensing for the Cisco Mobility Advantage Proxy Feature, page 19-6 Configuring Cisco Mobility Advantage, page 19-6 Feature History for Cisco Mobility... 
    CH A P T E R
 
19-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
19
Configuring Cisco Mobility Advantage
This chapter describes how to configure the ASA for Cisco Unified Communications Mobility 
Advantage Proxy features. 
This chapter includes the following sections:
Information about the Cisco Mobility Advantage Proxy Feature, page 19-1
Licensing for the Cisco Mobility Advantage Proxy Feature, page 19-6
Configuring Cisco Mobility Advantage, page 19-6
Feature History for Cisco Mobility...

    Page 472

    Page 472 19-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Information about the Cisco Mobility Advantage Proxy Feature Figure 19-1 MMP Stack The TCP/TLS default port is 5443. There are no embedded NAT or secondary connections. Cisco UMA client and server communications can be proxied via TLS, which decrypts the data, passes it to the inspect MMP module, and re-encrypt the data before forwarding it to the endpoint. The inspect MMP module verifies... 
     
19-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
Figure 19-1 MMP Stack
The TCP/TLS default port is 5443. There are no embedded NAT or secondary connections.
Cisco UMA client and server communications can be proxied via TLS, which decrypts the data, passes 
it to the inspect MMP module, and re-encrypt the data before forwarding it to the endpoint. The inspect 
MMP module verifies...

    Page 473

    Page 473 19-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Information about the Cisco Mobility Advantage Proxy Feature Figure 19-2The TLS proxy for the Cisco Mobility Advantage solution does not support client authentication because the Cisco UMA client cannot present a certificate. Security Appliance as Firewall with Mobility Advantage Proxy and MMP Inspection In Figure 19-2, the ASA performs static NAT by translating the Cisco UMA server... 
     
19-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
Figure 19-2The TLS proxy for the Cisco Mobility Advantage solution does not support client 
authentication because the Cisco UMA client cannot present a certificate. 
Security 
Appliance as Firewall with Mobility Advantage Proxy and MMP Inspection
In Figure 19-2, the ASA performs static NAT by translating the Cisco UMA server...

    Page 474

    Page 474 19-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Information about the Cisco Mobility Advantage Proxy Feature Figure 19-3 Cisco UMC/Cisco UMA Architecture – Scenario 2: Security Appliance as Mobility Advantage Proxy Only Mobility Advantage Proxy Using NAT/PAT In both scenarios (Figure 19-2 and Figure 19-3), NAT can be used to hide the private address of the Cisco UMA servers. In scenario 2 (Figure 19-3), PAT can be used to converge all... 
     
19-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
Figure 19-3 Cisco UMC/Cisco UMA Architecture – Scenario 2: Security Appliance as Mobility 
Advantage Proxy Only
Mobility Advantage Proxy Using NAT/PAT
In both scenarios (Figure 19-2 and Figure 19-3), NAT can be used to hide the private address of the Cisco 
UMA servers.
In scenario 2 (Figure 19-3), PAT can be used to converge all...

    Page 475

    Page 475 19-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Information about the Cisco Mobility Advantage Proxy Feature Figure 19-4 shows how you can import the Cisco UMA server certificate onto the ASA. When the Cisco UMA server has already enrolled with a third-party CA, you can import the certificate with the private key onto the ASA. Then, the ASA has the full credentials of the Cisco UMA server. When a Cisco UMA client connects to the Cisco... 
     
19-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
Figure 19-4 shows how you can import the Cisco UMA server certificate onto the ASA. When the Cisco 
UMA server has already enrolled with a third-party CA, you can import the certificate with the private 
key onto the ASA. Then, the ASA has the full credentials of the Cisco UMA server. When a Cisco UMA 
client connects to the Cisco...

    Page 476

    Page 476 19-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Licensing for the Cisco Mobility Advantage Proxy Feature Figure 19-5 How the Security Appliance Represents Cisco UMA – Certificate Impersonation A trusted relationship between the ASA and the Cisco UMA server can be established with self-signed certificates. The ASAs identity certificate is exported, and then uploaded on the Cisco UMA server truststore. The Cisco UMA server certificate is... 
     
19-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Licensing for the Cisco Mobility Advantage Proxy Feature
Figure 19-5 How the Security Appliance Represents Cisco UMA – Certificate Impersonation
A trusted relationship between the ASA and the Cisco UMA server can be established with self-signed 
certificates. The ASAs identity certificate is exported, and then uploaded on the Cisco UMA server 
truststore. The Cisco UMA server certificate is...

    Page 477

    Page 477 19-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Feature History for Cisco Mobility Advantage Task Flow for Configuring Cisco Mobility Advantage To configure for the ASA to perform TLS proxy and MMP inspection as shown in Figure 19-2 and Figure 19-3, perform the following tasks. It is assumed that self-signed certificates are used between the ASA and the Cisco UMA server. To configure the Cisco Mobility Advantage Proxy by using ASDM,... 
     
19-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Feature History for Cisco Mobility Advantage
Task Flow for Configuring Cisco Mobility Advantage
To configure for the ASA to perform TLS proxy and MMP inspection as shown in Figure 19-2 and 
Figure 19-3, perform the following tasks. 
It is assumed that self-signed certificates are used between the ASA and the Cisco UMA server.
To configure the Cisco Mobility Advantage Proxy by using ASDM,...

    Page 478

    Page 478 19-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 19 Configuring Cisco Mobility Advantage Feature History for Cisco Mobility Advantage 
     
19-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 19      Configuring Cisco Mobility Advantage
  Feature History for Cisco Mobility Advantage

    Page 479

    Page 479 CH A P T E R 20-1 Cisco ASA Series Firewall ASDM Configuration Guide 20 Configuring Cisco Unified Presence This chapter describes how to configure the adaptive security appliance for Cisco Unified Presence. This chapter includes the following sections: Information About Cisco Unified Presence, page 20-1 Licensing for Cisco Unified Presence, page 20-7 Configuring Cisco Unified Presence Proxy for SIP Federation, page 20-8 Feature History for Cisco Unified Presence, page 20-9 Information About Cisco... 
    CH A P T E R
 
20-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
20
Configuring Cisco Unified Presence
This chapter describes how to configure the adaptive security appliance for Cisco Unified Presence. 
This chapter includes the following sections: 
Information About Cisco Unified Presence, page 20-1
Licensing for Cisco Unified Presence, page 20-7
Configuring Cisco Unified Presence Proxy for SIP Federation, page 20-8
Feature History for Cisco Unified Presence, page 20-9
Information About Cisco...

    Page 480

    Page 480 20-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 20 Configuring Cisco Unified Presence Information About Cisco Unified Presence Figure 20-1 Typical Cisco Unified Presence/LCS Federation Scenario In the above architecture, the ASA functions as a firewall, NAT, and TLS proxy, which is the recommended architecture. However, the ASA can also function as NAT and the TLS proxy alone, working with an existing firewall. Either server can initiate the TLS handshake (unlike IP... 
     
20-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 20      Configuring Cisco Unified Presence
  Information About Cisco Unified Presence
Figure 20-1 Typical Cisco Unified Presence/LCS Federation Scenario
In the above architecture, the ASA functions as a firewall, NAT, and TLS proxy, which is the 
recommended architecture. However, the ASA can also function as NAT and the TLS proxy alone, 
working with an existing firewall. 
Either server can initiate the TLS handshake (unlike IP...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals