HTTP Reverse Proxy on ASA 5510 for Unified Comms setup

Hi There,

We are currently in the last stages of configuring our Unified Comms infrastructure, which basically consists of the integration of an OCS (Office Communication Server) and our Call Manager infrastructure. Currently we are able to provide audio, video and presence services to internal and external users. I'm stuck with the need to configure an HTTP reverse proxy, which is required for access to meeting content by external users as well as for downloading address book files by external users. I'm attaching a doc from Microsoft that covers OCS Edge deployment; the need for the HTTP reverse proxy is mentioned on page 3. It also provides instructions on how to configure it in the Microsoft ISA 2006 firewall on pages 17 to 23.

I need to know whether the same configuration can be achieved in a Cisco ASA 5510 firewall appliance, which is what we are using. I've managed to create the trustpoints and installed the certificates on the ASA firewall; however, I don't know how to publish the website rule by specifying the web listener (https) and point to the corresponding paths on the web server behind the firewall.

Any help and guide on this will be much appreciated.




You can position the Cisco ASA 5500 Series as a security device between a trusted and untrusted network to help ensure that vulnerabilities from the untrusted network do not affect the trusted network. You can use a Cisco ASA 5500 Series appliance to proxy traffic between voice and data VLANs, or to secure an internal network against external access in a firewall architecture.

We have OCS's edge server deployed without a proxy, resulting in limited functionality. We have an ASA in front and back of the edge server. The ASA doesn't function as a traditional HTTP reverse proxy. Cisco's cache engine is the only product I'm aware of that can provide reverse proxy functionality, although I'm working to determine if Cisco's content switches may offer similar capabilities. Squid, which is an open source product, can act as a reverse proxy, which is the recommended approach from Microsoft.

