Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 18      Configuring Cisco Mobility Advantage
  Information about the Cisco Mobility Advantage Proxy Feature
Figure 18-2 Cisco UMC/Cisco UMA Architecture – Scenario 2: Security Appliance as Mobility Advantage Proxy Only
Mobility Advantage Proxy Using NAT/PAT
In both scenarios, NAT can be used to hide the private address of the Cisco UMA servers.
In scenario 2 (Figure 18-2), PAT can be used to converge all client traffic into one source IP, so that the firewall does not have to open up a wildcard pinhole for inbound traffic.
hostname(config)# access-list cumc extended permit tcp any host 172.16.27.41 eq 5443
versus
hostname(config)# access-list cumc extended permit tcp host 192.0.2.183 host 172.16.27.41 eq 5443
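An added example (not from the Cisco guide): a small Python check that parses extended ACL entries like the two above and flags permits whose source is `any` toward a single host, which is the wildcard pinhole that PAT makes avoidable. The sample config is constructed, the third entry and all function names are hypothetical, and the parser assumes entries without source-port operators.

```python
import re

# Constructed sample: the two ACL lines from the text plus one subnet-source entry.
SAMPLE_CONFIG = """\
access-list cumc extended permit tcp any host 172.16.27.41 eq 5443
hostname(config)# access-list cumc extended permit tcp host 192.0.2.183 host 172.16.27.41 eq 5443
access-list cumc extended permit tcp 198.51.100.0 255.255.255.0 host 172.16.27.41 eq 5443
"""

# An optional CLI prompt may precede the command, as in the guide's listings.
ACE_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?access-list\s+(\S+)\s+extended\s+"
    r"(permit|deny)\s+(\S+)\s+(.*)$")

def take_address(tokens):
    """Consume one address spec from the front of tokens; return (kind, value)."""
    head = tokens.pop(0)
    if head in ("any", "any4", "any6"):
        return ("any", head)
    if head in ("host", "object", "object-group"):
        return (head, tokens.pop(0))
    return ("network", f"{head} {tokens.pop(0)}")  # address followed by mask

def parse_ace(line):
    """Parse one extended ACL entry; return None for anything else."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    name, action, proto, rest = m.groups()
    tokens = rest.split()
    try:
        src, dst = take_address(tokens), take_address(tokens)
    except IndexError:  # truncated entry
        return None
    port = tokens[1] if len(tokens) >= 2 and tokens[0] == "eq" else None
    return {"acl": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def wildcard_pinholes(config):
    """Return permit entries that let any source reach a single host."""
    aces = (parse_ace(line) for line in config.splitlines())
    return [a for a in aces if a and a["action"] == "permit"
            and a["src"][0] == "any" and a["dst"][0] == "host"]

if __name__ == "__main__":
    for ace in wildcard_pinholes(SAMPLE_CONFIG):
        print(f"wildcard pinhole in ACL {ace['acl']}: any -> {ace['dst'][1]}:{ace['port']}")
```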
[Figure 18-2 diagram, image not reproduced. Labels: Cisco UMC Client; Internet; ISP Gateway; Corporate Firewall; inside; outside; 192.0.2.41/24; 192.0.2.182/24; Client connects to cuma.example.com (192.0.2.41); DMZ; ASA with TLS Proxy, IP Address: 172.16.27.41 (DMZ routable); eth0; Cisco UMA; Enterprise Network; Internal Network; Cisco UCM; Cisco Unified Presence; MP; Conference; Voice mail; Exchange; Active Directory.]