Cisco Systems and the ASA Services Module Manual De Usuario
20-26
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 20 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
What to Do Next
Once you have enabled the TLS proxy for SIP inspection, if necessary, configure TLS within the
enterprise. See
enterprise. See
.
(Optional) Configuring TLS within the Local Enterprise
This task is not required if TCP is allowable within the inside network.
TLS within the enterprise refers to the security status of the Cisco Intercompany Media Engine trunk as
seen by the ASA.
seen by the ASA.
Note
If the transport security for the Cisco Intercompany Media Engine trunk changes on Cisco UCM, it must
be changed on the ASA as well. A mismatch will result in call failure. The ASA does not support SRTP
with non-secure IME trunks. The ASA assumes SRTP is allowed with secure trunks. So ‘SRTP Allowed’
must be checked for IME trunks if TLS is used. The ASA supports SRTP fallback to RTP for secure IME
trunk calls.
be changed on the ASA as well. A mismatch will result in call failure. The ASA does not support SRTP
with non-secure IME trunks. The ASA assumes SRTP is allowed with secure trunks. So ‘SRTP Allowed’
must be checked for IME trunks if TLS is used. The ASA supports SRTP fallback to RTP for secure IME
trunk calls.
Prerequisites
On the local Cisco UCM, download the Cisco UCM certificate. See the Cisco Unified Communications
Manager documentation for information. You will need this certificate when performing
Manager documentation for information. You will need this certificate when performing
of this
procedure.
Procedure
To configure TLS within the local enterprise, perform the following steps on the local ASA:
Step 14
hostname(config-pmap)# exit
Exits from the policy map configuration mode.
Step 15
hostname(config)# service-policy policymap_name
global
Examples:
hostname(config)# service-policy ime-policy global
Enables the service policy for SIP inspection for all
interfaces.
interfaces.
Where
policymap_name
is the name of the policy
map you created in
of this task.
for information about the
UC-IME proxy settings. See CLI configuration
guide for information about the no service-policy
guide for information about the no service-policy
command.
Command
Purpose