CUMA Integration with BES (ie. without ASA)

Unanswered Question
Aug 30th, 2010

Hi Guys,

My apologies if this has been answered already, I was able to find pieces of info which seems to contradict the documentation.

We have purchased CUMA 7.X, we have a Blackberry Enterprise Server and we do not have an ASA.

From some of the posts here, it seems that an ASA is not requried for CUMA deployment but from reading the Installation and Configuraiton guide for CUMA 7.X, it states that "A Cisco Adaptive Security Appliance (ASA) is required for new installations and for upgrades, to
provide secure connections to the Cisco Unified Mobility Advantage server"

So do I need an ASA or not?  I do not see any documentation that discusses deployments without an ASA or deployments using a BES.

THis is all very new to me, I'd appreciate some guidance,

Thanks in advance,

Neil

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Aaron Harrison Mon, 08/30/2010 - 08:04

Hi

Basically it's saying that you need an ASA for a production deployment. That would be the secure and fully tested/supportable solution. The ASA sits in your DMZ and the CUMA server itself sits in your network; with just the ASA being exposed to the web.

However, it can work without an ASA if you are (for example) lab testing or just demoing the product.

Regards

Aaron

Please rate helpful posts...

rohorgan Tue, 08/31/2010 - 19:33

Neil,

There are a couple of factors that play into this.

1.  What version of CUMA you install.

2.  What types of phones you plan to deploy the clients on.

3.  What version of the client you plan to run on phone.

As for the first point I would suggest only installing CUMA 7.1.3 or higher.  The best version to be on would be 7.1.3.10101-4 as it is the latest version on and has the most bug fixes.

If you plan to ONLY deploy Blackberry 7.x clients with CUMA then you do NOT need an ASA.  Your BB clients will connect into your network via the BES.  This will also require a VeriSign or GeoTrust signed certificate on the CUMA server.

If you plan to have a mixed environment like Blackberry clients and iPhones then you will need an ASA.  The BB clients will still connect in through the BES but the iPhones will connect in through the ASA.  This will require 2 signed certificates.  One for the CUMA server and one for the ASA.

Please find some helpful documentation links here:

Deploying CUMA 7.x with BB 7.x clients:

http://www.cisco.com/en/US/docs/voice_ip_comm/cuma/7_1/XML/clients/cuma71_clients_deploying_chapter3.html#concept_F562387DD1C345BCA816D6DAE12F9136

Information on the certificate requirements:

http://www.cisco.com/en/US/docs/voice_ip_comm/cuma/CUMA_CUMC_Compatibility_Matrix.html#wp83049

I hope this information helps,

Robbie

Actions

This Discussion