50-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter50 Configuring Cisco Mobility Advantage
Licensing for the Cisco Mobility Advantage Proxy Feature
Figure50-5 How the Security Appliance Represents Cisco UMA – Certificate Impersonation
A trusted relationship between the ASA and the Cisco UMA server can be established with self-signed
certificates. The ASA's identity certificate is exported, and then uploaded on the Cisco UMA server
truststore. The Cisco UMA server certificate is downloaded, and then uploaded on the ASA truststore
by creating a trustpoint and using the crypto ca authenticate command.
Licensing for the Cisco Mobility Advantage Proxy Feature
The Cisco Unified Communications proxy features (Cisco Phone Proxy, TLS proxy for encrypted voice
inspection, and the Cisco Presence Federation Proxy) supported by the ASA require a Unified
Communications Proxy license. However, in Version 8.2(2) and later, the Mobility Advantage proxy no
longer requires a Unified Communications Proxy license.
The following table shows the licensing requirements for the Mobility Advantage proxy:
For more information about licensing, see Chapter 3, “Managing Feature Licenses.”
Configuring Cisco Mobility Advantage
This section includes the following topics:
Task Flow for Configuring Cisco Mobility Advantage, page50-7
Installing the Cisco UMA Server Certificate, page50-7
Creating the TLS Proxy Instance, page50-8
271644
Internet
Inspected and
Modified
(if needed)
Certificate
Authority
Certificate
ASA
Enroll with FQDN
of Cisco UMA
Key 1 Key 2
TLS (Self-signed,
or from local CA)
TLS (ASA Certificate with Cisco UMA FQDN)
3rd Party CA
Cisco UMA
Cisco UMC Client
Model License Requirement
All models Base License.