Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption Data Sheet
Data Sheet
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Voice and Video Encryption Services
For compliance or security policy reasons, your organization might be required to provide confidentiality to voice and
video traffic. End-to-end encryption often leaves network security appliances “blind” to media and signaling traffic, a
situation that can compromise access control and threat prevention security functions. This scenario can result in a
lack of interoperability between the firewall and the encrypted voice, leaving your business unable to satisfy both of
your critical security requirements.
The Cisco ASA 5500 Series encryption proxy solution offers exceptional support (TLS proxy) for Cisco Unified
Communications Systems. It is a trusted device within the Cisco Unified Communications Manager authentication
domain: voice and video endpoints can securely authenticate and encrypt traffic. The Cisco ASA 5500 Series
appliance, as a proxy, can decrypt these connections, apply the required threat protection and access control, and
help ensure confidentiality by reencrypting the traffic onto the Cisco Unified Communications Manager servers. This
integration can give your organization the flexibility to deploy all of the required security countermeasures rather than
settling for an inadequate subset.
Perimeter Security Services
Perimeter security services include the following:
● SSL and IPsec VPN: The Cisco ASA 5500 Series supports flexible, secure connectivity using SSL or IPsec
VPN services that deliver secure, high-speed voice and data communications among multiple office locations
or remote users. These appliances support quality-of-service (QoS) features to facilitate reliable,
business-quality delivery of latency-sensitive applications such as voice and video. You can apply the QoS policies on
a per-user, per-group, per-tunnel, or per-flow basis so that the proper priority and bandwidth restrictions are
applied to voice and video flows. In addition, preconnection posture assessment and security checks help
ensure that VPN users do not inadvertently bring attacks to the network. The Cisco SSL and IPsec solutions
are ideally suited to protecting soft-client unified communications traffic such as Cisco IP Communicator and
Cisco Unified Mobile and Personal Communicators.
● Phone proxy: The Cisco ASA phone proxy capability facilitates termination of Cisco SRTP- and
TLS-encrypted endpoints for secure remote access. The Cisco ASA phone proxy allows large-scale deployments
of secure phones without a large-scale VPN remote-access hardware deployment. End-user infrastructure is
limited to just the IP endpoint, without VPN tunnels or hardware. The Cisco ASA phone proxy is the
replacement product for the Cisco Unified Phone Proxy.
● Mobility proxy: The Cisco ASA mobility proxy facilitates secure connectivity between the Cisco Unified Mobile
Communicator software and the Cisco Unified Mobility Advantage server. The Cisco ASA appliance can
intercept the TLS connection between the Cisco Unified Mobile Communicator software and Cisco Unified
Mobility Advantage server, and inspect and apply policies to the mobility traffic using a new Multichassis
Multilink PPP (MMP) inspection engine. The Cisco ASA appliance is a mandatory component of mobility
solutions starting with the Cisco Unified Communications 7.0 systems, and replaces the Cisco Unified
Mobility Proxy.
● Presence federation: The Cisco ASA 5500 Series facilitates secure presence federation between Cisco
Unified Presence and the Microsoft Office Communications Server (OCS) Presence solutions. This allows
two organizations to collaborate more efficiently by sharing presence information about how to best reach and
communicate with other users, using the common form of communication that is available. The Cisco ASA
5500 Series Adaptive Security Appliance is a mandatory component of presence federation solutions.
Deployment Topologies
As shown in Figure 1, you can use the Cisco ASA 5500 Series across your network to protect your call-control
system, endpoints, applications, and the underlying infrastructure from attacks. These topologies include: