Chapter 21 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

 

Command

Purpose

 

 

 

Step 5

(Optional)

Specifies the fallback timers for Cisco Intercompany

 

hostname(config-uc-ime)# fallback monitoring timer

Media Engine.

 

 

 

timer_millisec hold-down timer timer_sec

Specifying monitoring timer sets the time between

 

Examples:

which the ASA samples the RTP packets received

 

hostname(config-uc-ime)# fallback monitoring timer

 

from the Internet. The ASA uses the data sample to

 

120

 

determine if fallback to the PSTN is needed for a

 

hostname(config-uc-ime)# fallback hold-down timer 30

 

 

call.

 

 

Where timer_millisec specifies the length of the

 

 

monitoring timer. By default, the length is 100

 

 

milliseconds for the monitoring timer and the

 

 

allowed range is 10-600 ms.

 

 

Specifying hold-down timer sets the amount of

 

 

time that ASA waits before notifying Cisco UCM

 

 

whether to fall back to PSTN.

 

 

Where timer_sec specifies the length of the

 

 

hold-down timer. By default, the length is 20

 

 

seconds for the hold-down timer and the allowed

 

 

range is 10-360 seconds.

 

 

If you do not use this command to specify fallback

 

 

timers, the ASA uses the default settings for the

 

 

fallback timers.

 

 

 

Step 6

(Optional)

Specifies the file to use for mid-call PSTN fallback.

 

hostname(config-uc-ime)# fallback sensitivity-file

Where file_name must be the name of a file on disk

 

file_name

that includes the .fbs file extension.

 

Example:

The fallback file is used to determine whether the

 

hostname(config-uc-ime)# fallback sensitivity-file

 

ime-fallback-sensitvity.fbs

QoS of the call is poor enough for the Cisco

 

 

Intercompany Media Engine to move the call to the

 

 

PSTN.

 

 

 

What to Do Next

Install the certificate on the local entity truststore. You could also enroll the certificate with a local CA trusted by the local entity.

Creating Trustpoints and Generating Certificates

You need to generate the keypair for the certificate used by the ASA, and configure a trustpoint to identify the certificate sent by the ASA in the TLS handshake.

The example command lines in this task are based on a basic (in-line) deployment. See Figure 21-6 on page 21-11for an illustration explaining the example command lines in this task.

Note This task instructs you on how to create trustpoints for the local enterprise and the remote enterprise and how to exchange certificates between these two enterprises. This task does not provide steps for creating trustpoints and exchanging certificates between the local Cisco UCM and the local ASA. However, if you require additional security within the local enterprise, you must perform the optional task (Optional) Configuring TLS within the Local Enterprise, page 21-27. Performing that task allows for secure TLS

Cisco ASA Series Firewall ASDM Configuration Guide

21-21

Page 508 Page 510
Page 509
Image 509
Cisco Systems ASA Services Module, ASA 5505, ASA 5545-X, ASA 5555-X Creating Trustpoints and Generating Certificates, 21-21
Page 508 Page 510

ASA Services Module, ASA 5555-X, ASA 5545-X, ASA 5585-X, ASA 5580 specifications

Cisco Systems has long been a leader in the field of network security, and its Adaptive Security Appliance (ASA) series is a testament to this expertise. Within the ASA lineup, models such as the ASA 5505, ASA 5580, ASA 5585-X, ASA 5545-X, and ASA 5555-X stand out for their unique features, capabilities, and technological advancements.

The Cisco ASA 5505 is designed for small businesses or branch offices. It provides essential security features such as firewall protection, flexible VPN capabilities, and intrusion prevention. The ASA 5505 supports a user-friendly interface, allowing for straightforward management. Its built-in threat detection and prevention tools provide a layered defense, and with scalability in mind, it can accommodate various expansion options as organizational needs grow.

Moving up the line, the ASA 5580 delivers greater throughput and advanced security features. This model is suited for medium to large enterprises that require robust protection against increasingly sophisticated threats. Its multi-core architecture allows it to manage high volumes of traffic seamlessly while maintaining excellent performance levels. The ASA 5580 also supports application-layer security and customizable access policies, making it highly adaptable to diverse security environments.

The ASA 5585-X further enhances Cisco's security offerings with advanced malware protection and extensive security intelligence capabilities. It incorporates next-generation firewall features, including context-aware security, and supports advanced threat detection technologies. This model is ideal for large enterprises or data centers that prioritize security while ensuring uninterrupted network performance and availability.

For enterprises requiring a balance of performance and security, the ASA 5545-X presents a compelling option. This model features scalable performance metrics, high availability, and integrated advanced threat protection. Coupled with advanced endpoint protection and detailed monitoring capabilities, the ASA 5545-X enables organizations to manage their security posture effectively.

Lastly, the ASA 5555-X blends cutting-edge technologies with strong security infrastructures. It boasts high throughput and the ability to execute deep packet inspections. Its sophisticated architecture supports threat intelligence feeds that provide real-time security updates, making it a powerful tool against modern threats.

Each of these Cisco ASA models brings specific advantages to varied environments. Their integrative capabilities enable businesses to enhance their security postures while benefiting from seamless scalability and management. As cybersecurity threats evolve, these advanced appliances play a vital role in protecting valuable digital assets.
Top Page Image Contents