Cisco Systems and the ASA Services Module User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 20 Configuring Cisco Intercompany Media Engine Proxy
Licensing for Cisco Intercompany Media Engine
Off Path Deployment
In an off path deployment, inbound and outbound Cisco Intercompany Media Engine calls pass through 
an adaptive security appliance enabled with the Cisco Intercompany Media Engine Proxy. The adaptive 
security appliance is located in the DMZ and is configured to support only the Cisco Intercompany 
Media Engine traffic (SIP signaling and RTP traffic). Normal Internet facing traffic does not flow 
through this adaptive security appliance. 
For all inbound calls, the signaling is directed to the adaptive security appliance because the destination 
Cisco UCMs are configured with the global IP address on the adaptive security appliance. For outbound calls, 
the called party could be any IP address on the Internet; therefore, the adaptive security appliance is 
configured with a mapping service that dynamically provides an internal IP address on the adaptive 
security appliance for each global IP address of the called party on the Internet. 
Cisco UCM sends all outbound calls directly to the mapped internal IP address on the adaptive security 
appliance instead of the global IP address of the called party on the Internet. The adaptive security 
appliance then forwards the calls to the global IP address of the called party. 
Figure 20-4 illustrates the architecture of the Cisco Intercompany Media Engine in an off path 
deployment. 
Figure 20-4 Off Path Deployment of the Adaptive Security Appliance
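The outbound mapping behaviour described above can be modelled in a few lines. This is an added illustration, not Cisco code or ASA configuration; the class name MappingService, the fixed internal pool 10.10.10.0/30, the in-order allocation and the sample addresses are assumptions made for the example.

```python
import ipaddress


class MappingService:
    """Toy model: one internal ASA address per called-party global address."""

    ALLOWED = {"SIP", "RTP"}  # the only traffic this ASA is configured to support

    def __init__(self, internal_pool):
        # Assumption: mapped addresses come from a fixed pool, handed out in order.
        self._free = list(ipaddress.ip_network(internal_pool).hosts())
        self._to_internal = {}   # global IP of called party -> mapped internal IP
        self._to_global = {}     # mapped internal IP -> global IP of called party

    def map_outbound(self, global_ip):
        """Return the internal address Cisco UCM sends the outbound call to."""
        dest = ipaddress.ip_address(global_ip)
        if dest in self._to_internal:        # same called party, same mapping
            return self._to_internal[dest]
        if not self._free:
            raise RuntimeError("mapping pool exhausted")
        internal = self._free.pop(0)
        self._to_internal[dest] = internal
        self._to_global[internal] = dest
        return internal

    def forward(self, mapped_ip, protocol):
        """Return the global address the ASA forwards the call to."""
        if protocol not in self.ALLOWED:
            raise PermissionError(f"{protocol} is not UC-IME traffic")
        mapped = ipaddress.ip_address(mapped_ip)
        if mapped not in self._to_global:
            raise LookupError(f"no mapping for {mapped}")
        return self._to_global[mapped]


if __name__ == "__main__":
    svc = MappingService("10.10.10.0/30")    # constructed pool: .1 and .2
    for callee in ("203.0.113.10", "198.51.100.7", "203.0.113.10"):
        mapped = svc.map_outbound(callee)
        print(f"UCM dials {mapped} -> ASA forwards to {svc.forward(mapped, 'SIP')}")
```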
Licensing for Cisco Intercompany Media Engine
The Cisco Intercompany Media Engine feature supported by the ASA requires a Unified Communications 
Proxy license.
The following table shows the details of the Unified Communications Proxy license:
Note: This feature is not available on No Payload Encryption models.
[Figure 20-4 diagram labels: Inside Enterprise; DMZ; Outside Enterprise; Perimeter Security; Cisco UCM Cluster; UC-IME Server; PSTN Gateway; PSTN; Intranet Firewall; Internet Firewall; ASA enabled with UC-IME proxy; Internet; UC-IME Bootstrap Server. Callout: Only UC-IME calls pass through the ASA enabled with the UC-IME proxy.]