50-4
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter50 Configuring Cisco Mobility Advantage
Information about the Cisco Mobility Advantage Proxy Feature
Note This interface PAT rule converges the Cisco UMA client IP addresses on the outside interface of
the ASA into a single IP address on the inside interface by using different source ports.
Performing this action is often referred as “outside PAT”. “Outside PAT” is not recommended
when TLS proxy for Cisco Mobility Advantage is enabled on the same interface of the ASA with
phone proxy, Cisco Unified Presence, or any other features involving application inspection.
“Outside PAT” is not supported completely by application inspection when embedded address
translation is needed.
Figure50-3 Cisco UMC/Cisco UMA Architecture – Scenario 2: Security Appliance as Mobility
Advantage Proxy Only
Mobility Advantage Proxy Using NAT/PAT
In both scenarios (Figure 50-2 and Figure 50-3), NAT can be used to hide the private address of the Cisco
UMA servers.
271642
ASA with
TLS Proxy
IP Address:
172.16.27.41
(DMZ routable)
DMZ
MP
Conference
Voice mail
Cisco Unified
Presence
M
Cisco UCM
Exchange
Active
Directory
Internal Network
Corporate
Firewall
Enterprise Network
eth0
Internet
Cisco UMC Client
Cisco UMA
Client connects to
cuma.example.com
(192.0.2.41)
insideoutside
192.0.2.41/24 192.0.2.182/24
ISP
Gateway