Cisco Systems and the ASA Services Module User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 20      Configuring Cisco Intercompany Media Engine Proxy
  Information About Cisco Intercompany Media Engine Proxy
On successful verification, the terminating side creates a ticket that grants permission to the call 
originator to make a Cisco IME call to a specific number. See 
information.
Tickets and Passwords
Cisco Intercompany Media Engine uses tickets and passwords to provide enterprise verification. 
Verification through the creation of tickets ensures that an enterprise is not subject to denial-of-service 
(DoS) attacks from the Internet or endless VoIP spam calls. Ticket verification prevents spam and DoS 
attacks because it introduces a cost to the VoIP caller; namely, the cost of a PSTN call. A malicious user 
cannot simply set up an open source Asterisk PBX on the Internet and begin launching SIP calls into an 
enterprise running Cisco Intercompany Media Engine. Having the Cisco Intercompany Media Engine 
Proxy verify tickets allows incoming calls from a particular enterprise to a particular number only when 
that particular enterprise has previously called that phone number on the PSTN.
To send a spam VoIP call to every phone within an enterprise, an organization would have to purchase 
the Cisco Intercompany Media Engine and Cisco Unified Communications Manager and have called 
each phone number within the enterprise over the PSTN and completed each call successfully. Only then 
can it launch a VoIP call to each number. 
The Cisco Intercompany Media Engine server creates tickets and the ASA validates them. The ASA and 
Cisco Intercompany Media Engine server share a configured password so that the ASA can detect that 
the ticket was created by a trusted Cisco Intercompany Media Engine server. The ticket contains 
information that indicates that the enterprise is authorized to call specific phone numbers at the target 
enterprise. See 
 for the ticket verification process and how it operates between the originating 
and terminating-call enterprises. 
Note
Because the initial calls are over the PSTN, they are subject to any national regulations regarding 
telemarketing calling. For example, within the United States, they would be subject to the national 
do-not-call registry.
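The create-and-validate split described above can be modeled as follows. This is an added example, not code from Cisco or from this guide: the ticket layout, the field names, the HMAC-SHA256 construction and all sample values are assumptions chosen only to show how a shared password lets the validating side check who issued a ticket, which enterprise it was issued to, and which numbers it covers.

```python
import hashlib
import hmac
import json

# Constructed sample secret; in the scheme described above this is the
# password shared by the ticket-creating server and the validating firewall.
SHARED_PASSWORD = b"example-shared-password"


def _mac(password: bytes, body: bytes) -> bytes:
    # Keyed MAC over the ticket body (assumed construction, see lead-in).
    return hmac.new(password, body, hashlib.sha256).hexdigest().encode()


def create_ticket(password: bytes, originator: str, numbers: list) -> dict:
    """Terminating-side server: issue a ticket once verification succeeded."""
    body = json.dumps({"orig": originator, "numbers": sorted(numbers)},
                      sort_keys=True)
    return {"body": body, "mac": _mac(password, body.encode()).decode()}


def validate_ticket(password: bytes, ticket: dict, caller: str,
                    called_number: str) -> tuple:
    """Validating side: return (allowed, reason) for an incoming call."""
    body = str(ticket.get("body", "")).encode()
    presented = str(ticket.get("mac", "")).encode()
    # Constant-time comparison; only a holder of the shared password can
    # produce a MAC that matches, so a match means a trusted issuer.
    if not hmac.compare_digest(_mac(password, body), presented):
        return False, "ticket not created by a trusted server"
    claims = json.loads(body)  # parsed only after the MAC check passed
    if claims.get("orig") != caller:
        return False, "ticket issued to a different enterprise"
    if called_number not in claims.get("numbers", []):
        return False, "ticket does not cover the called number"
    return True, "ok"


if __name__ == "__main__":
    t = create_ticket(SHARED_PASSWORD, "enterprise-b.example", ["+14085550100"])
    print(validate_ticket(SHARED_PASSWORD, t, "enterprise-b.example", "+14085550100"))
    print(validate_ticket(SHARED_PASSWORD, t, "enterprise-b.example", "+14085550199"))
```

The checks run in that order on purpose: nothing inside the ticket is trusted, or even parsed, until the MAC confirms it came from a server holding the shared password.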
Figure 20-1 Ticket Verification Process with Cisco Intercompany Media Engine
[Figure: Enterprise A and Enterprise B, each with Cisco UCM, a UC-IME server, an ASA and IP endpoints, connected across the Internet. Callouts: (1) Enterprise B gets authorization ticket from A at end of validation protocol. (2) UC-IME server passes ticket to UCM and it's stored as part of VoIP route. (3) Enterprise B calls A and includes ticket. (4) ASA validates ticket.]