Cisco Systems ASA 5580 User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 20: Configuring Cisco Intercompany Media Engine Proxy
Creating ACLs for Cisco Intercompany Media Engine Proxy
To configure ACLs for the Cisco Intercompany Media Engine Proxy to reach the Cisco UCM server, 
perform the following steps. 
The example command lines in this task are based on a basic (in-line) deployment. See 
 for an illustration explaining the example command lines in this task.
Step 1
Command:
    hostname(config)# access-list id extended permit tcp any host ip_address eq port
Example:
    hostname(config)# access-list incoming extended permit tcp any host 192.168.10.30 eq 5070
Purpose:
Adds an Access Control Entry (ACE). An ACL is made up of one or more ACEs with the same ACL ID. This ACE provides access control by allowing incoming access for Cisco Intercompany Media Engine connections on the specified port.
In the ip_address argument, provide the real IP address of Cisco UCM.

Step 2
Command:
    hostname(config)# access-group access-list in interface interface_name
Example:
    hostname(config)# access-group incoming in interface outside
Purpose:
Binds the ACL to an interface.

Step 3
Command:
    hostname(config)# access-list id extended permit tcp any host ip_address eq port
Example:
    hostname(config)# access-list ime-inbound-sip extended permit tcp any host 192.168.10.30 eq 5070
Purpose:
Adds an ACE. This ACE lets the ASA allow inbound SIP traffic for Cisco Intercompany Media Engine. This entry is used to classify traffic for the class and policy map.
Note: The port that you configure here must match the trunk settings configured on Cisco UCM. See the Cisco Unified Communications Manager documentation for information about this configuration setting.

Step 4
Command:
    hostname(config)# access-list id extended permit tcp ip_address mask any range range
Example:
    hostname(config)# access-list ime-outbound-sip extended permit tcp 192.168.10.30 255.255.255.255 any range 5000 6000
Purpose:
Adds an ACE. This ACE lets the ASA allow outbound SIP traffic for Cisco Intercompany Media Engine (in the example, any TCP traffic with source 192.168.10.30 and a destination port in the range 5000 to 6000). This entry is used to classify traffic for the class and policy map.
Note: Ensure that TCP traffic between Cisco UCM and the Cisco Intercompany Media Engine server does not use this port range (if that connection goes through the ASA).

Step 5
Command:
    hostname(config)# access-list id permit tcp any host ip_address eq 6084
Example:
    hostname(config)# access-list ime-traffic permit tcp any host 192.168.10.12 eq 6084
Purpose:
Adds an ACE. This ACE lets the ASA allow traffic from the Cisco Intercompany Media Engine server to remote Cisco Intercompany Media Engine servers.

Step 6
Command:
    hostname(config)# access-list id permit tcp any host ip_address eq 8470
Example:
    hostname(config)# access-list ime-bootserver-traffic permit tcp any host 192.168.10.12 eq 8470
Purpose:
Adds an ACE. This ACE lets the ASA allow traffic from the Cisco Intercompany Media Engine server to the Bootstrap server for the Cisco Intercompany Media Engine.
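The following is an added example, not part of the Cisco guide: a small offline audit that parses the ACL commands from the steps above and checks the two Notes (trunk port match in Step 3, port-range collision in Step 4) plus whether every bound ACL is defined. The function names, the parameters `ucm_ip`, `trunk_port` and `ucm_ime_port`, and the restriction to the ACE forms used in this procedure are assumptions of the example.

```python
import re

# Constructed sample: the six example commands from the steps above.
SAMPLE = """\
access-list incoming extended permit tcp any host 192.168.10.30 eq 5070
access-group incoming in interface outside
access-list ime-inbound-sip extended permit tcp any host 192.168.10.30 eq 5070
access-list ime-outbound-sip extended permit tcp 192.168.10.30 255.255.255.255 any range 5000 6000
access-list ime-traffic permit tcp any host 192.168.10.12 eq 6084
access-list ime-bootserver-traffic permit tcp any host 192.168.10.12 eq 8470
"""

# Address forms used in this procedure: any | host IP | IP MASK
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"access-list (\S+) (?:extended )?permit tcp {ADDR} {ADDR} "
                 r"(?:eq (\d+)|range (\d+) (\d+))$")
BIND = re.compile(r"access-group (\S+) in interface (\S+)$")

def parse(config):
    """Return (aces, bindings); handles only the ACE forms shown in the steps."""
    aces, bindings = [], {}
    for line in config.splitlines():
        line = re.sub(r"^\S+\(config\)# ", "", line.strip())  # drop CLI prompt
        if m := ACE.match(line):
            acl, src, dst, eq, lo, hi = m.groups()
            ports = (int(eq), int(eq)) if eq else (int(lo), int(hi))
            aces.append({"acl": acl, "src": src, "dst": dst, "ports": ports})
        elif m := BIND.match(line):
            bindings[m.group(1)] = m.group(2)
    return aces, bindings

def audit(config, ucm_ip, trunk_port, ucm_ime_port):
    """Check both Notes in the procedure and ACL binding consistency."""
    aces, bindings = parse(config)
    defined = {a["acl"] for a in aces}
    findings = [f"access-group references undefined ACL {n}"
                for n in bindings if n not in defined]
    for a in aces:
        lo, hi = a["ports"]
        # Step 3 Note: ports opened toward Cisco UCM must match its trunk port.
        if a["dst"] == f"host {ucm_ip}" and a["ports"] != (trunk_port, trunk_port):
            findings.append(f"{a['acl']}: ports {lo}-{hi} do not match UCM trunk port {trunk_port}")
        # Step 4 Note: the outbound range must not cover the UCM-to-IME-server port.
        if a["src"].startswith(ucm_ip + " ") and lo <= ucm_ime_port <= hi:
            findings.append(f"{a['acl']}: range {lo}-{hi} covers UCM-to-IME-server port {ucm_ime_port}")
    return findings
```

Calling `audit(SAMPLE, "192.168.10.30", 5070, 5620)` with the constructed UCM-to-server port 5620 reports the collision with the `ime-outbound-sip` range; an empty list means both Notes are satisfied for the supplied values.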