47-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter47 Information About Cisco Unified Communications Proxy Features
Licensing for Cisco Unified Communications Proxy Features
The following table shows the Unified Communications Proxy license details by platform for
intercompany media engine proxy:
Note This feature is not available on No Payload Encryption models.
Note
Table47-2 Default and Maximum TLS Sessions on the Security Appliance
Security Appliance Platform Default TLS Sessions Maximum TLS Sessions
ASA 5505 10 80
ASA 5510 100 200
ASA 5520 300 1200
ASA 5540 1000 4500
ASA 5550 2000 4500
ASA 5580 4000 13,000
Model License Requirement
All other models Intercompany Media Engine license.
When you enable the Intercompany Media Engine (IME) license, you can use TLS proxy sessions up
to the configured TLS proxy limit. If you also have a Unified Communications (UC) license installed
that is higher than the default TLS proxy limit, then the ASA sets the limit to be the UC license limit
plus an additional number of sessions depending on your model. You can manually configure the TLS
proxy limit using the tls-proxy maximum-sessions command. To view the limits of your model, enter
the tls-proxy maximum-sessions ? command. If you also install the UC license, then the TLS proxy
sessions available for UC are also available for IME sessions. For example, if the configured limit is
1000 TLS proxy sessions, and you purchase a 750-session UC license, then the first 250 IME sessions
do not affect the sessions available for UC. If you need more than 250 sessions for IME, then the
remaining 750 sessions of the platform limit are used on a first-come, first-served basis by UC and
IME.
For a license part number ending in “K8”, TLS proxy sessions are limited to 1000.
For a license part number ending in “K9”, the TLS proxy limit depends on your configuration and
the platform model.
Note K8 and K9 refer to whether the license is restricted for export: K8 is unrestricted, and K9 is
restricted.
You might also use SRTP encryption sessions for your connections:
For a K8 license, SRTP sessions are limited to 250.
For a K9 license, there is no limit.
Note Only calls that require encryption/decryption for media are counted toward the SRTP limit; if
passthrough is set for the call, even if both legs are SRTP, they do not count toward the limit.