51-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter51 Configuring Cisco Unified Presence
Configuring Cisco Unified Presence Proxy for SIP Federation
For more information about licensing, see Chapter 3, “Managing Feature Licenses.”
Configuring Cisco Unified Presence Proxy for SIP Federation
This section contains the following topics:
Task Flow for Configuring Cisco Unified Presence Federation Proxy for SIP Federation, page51-9
Creating Trustpoints and Generating Certificates, page51-9
Installing Certificates, page51-10
ASA 5545-X Base License: 2 sessions.
Optional licenses: 24, 50, 100, 250, 500, 750, 1000, or 2000 sessions.
ASA 5555-X Base License: 2 sessions.
Optional licenses: 24, 50, 100, 250, 500, 750, 1000, 2000, or 3000 sessions.
ASA 5585-X with
SSP-10
Base License: 2 sessions.
Optional licenses: 24, 50, 100, 250, 500, 750, 1000, 2000, or 3000 sessions.
ASA 5585-X with
SSP-20, -40, or -60
Base License: 2 sessions.
Optional licenses: 24, 50, 100, 250, 500, 750, 1000, 2000, 3000, 5000, or 10,000 sessions.2
1. The following applications use TLS proxy sessions for their connections. Each TLS proxy session used by these applications (and only these applications)
is counted against the UC license limit:
- Phone Proxy
- Presence Federation Proxy
- Encrypted Voice Inspection
Other applications that use TLS proxy sessions do not count towards the UC limit, for example, Mobility Advantage Proxy (which does not require a
license) and IME (which requires a separate IME license).
Some UC applications might use multiple sessions for a connection. For example, if you configure a phone with a primary and backup Cisco Unified
Communications Manager, there are 2 TLS proxy connections, so 2 UC Proxy sessions are used.
You independently set the TLS proxy limit using the tls-proxy maximum-sessions command. To view the limits of your model, enter the tls-proxy
maximum-sessions ? command. When you apply a UC license that is higher than the default TLS proxy limit, the ASA automatically sets the TLS proxy
limit to match the UC limit. The TLS proxy limit takes precedence over the UC license limit; if you set the TLS proxy limit to be less than the UC license,
then you cannot use all of the sessions in your UC license.
Note: For license part numbers ending in “K8” (for example, licenses under 250 users), TLS proxy sessions are limited to 1000. For license part numbers
ending in “K9” (for example, licenses 250 users or larger), the TLS proxy limit depends on the configuration, up to the model limit. K8 and K9 refer to
whether the license is restricted for export: K8 is unrestricted, and K9 is restricted.
Note: If you clear the configuration (using the clear configure all command, for example), then the TLS proxy limit is set to the default for your model;
if this default is lower than the UC license limit, then you see an error message to use the tls-proxy maximum-sessions command to raise the limit again
. If you use failover and enter the write standby command on the primary unit to force a configuration synchronization, the clear configure all command
is generated on the secondary unit automatically, so you may see the warning message on the secondary unit. Because the configuration synchronization
restores the TLS proxy limit set on the primary unit, you can ignore the warning.
You might also use SRTP encryption sessions for your connections:
- For K8 licenses, SRTP sessions are limited to 250.
- For K9 licenses, there is not limit.
Note: Only calls that require encryption/decryption for media are counted towards the SRTP limit; if passthrough is set for the call, even if both legs are
SRTP, they do not count towards the limit.
2. With the 10,000-session UC license, the total combined sessions can be 10,000, but the maximum number of Phone Proxy sessions is 5000.
Model License Requirement1