50-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter50 Configuring Cisco Mobility Advantage
Configuration Examples for Cisco Mobility Advantage
Figure50-7 Cisco UMC/Cisco UMA Architecture – Scenario 2: Security Appliance as TLS Proxy
Only
object network obj-172.16.27.41-01
host 172.16.27.41
nat (inside,outside) static 192.0.2.140
object network obj-0.0.0.0-01
subnet 0.0.0.0 0.0.0.0
nat (outside,inside) dynamic 192.0.2.183
crypto ca import cuma_proxy pkcs12 sample_passphrase
<cut-paste base 64 encoded pkcs12 here>
quit
! for CUMA server’s self-signed certificate
crypto ca trustpoint cuma_server
enrollment terminal
crypto ca authenticate cuma_server
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIDRTCCAu+gAwIBAgIQKVcqP/KW74VP0NZzL+JbRTANBgkqhkiG9w0BAQUFADCB
[ certificate data omitted ]
/7QEM8izy0EOTSErKu7Nd76jwf5e4qttkQ==
quit
271642
ASA with
TLS Proxy
IP Address:
172.16.27.41
(DMZ routable)

DMZ

MP
Conference
Voice mail
Cisco Unified
Presence
M
Cisco UCM
Exchange
Active
Directory
Internal Network
Corporate
Firewall
Enterprise Network
eth0
Internet
Cisco UMC Client
Cisco UMA
Client connects to
cuma.example.com
(192.0.2.41)
insideoutside
192.0.2.41/24 192.0.2.182/24
ISP
Gateway