Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

UC TLS Proxy function in a one-armed setup

Hi

Is the UC TLS Proxy functionality for CUMA supported in a one-armed setup? So the ASA is acting as a proxy with just one interface connected to the network. TLS clients are connecting over that interface, meanwhile the CUMA / call manager are also behind that interface. The ASA would be placed into a DMZ of an additional firewall.

Greetings

Roberto

Everyone's tags (6)
1 REPLY
Cisco Employee

Re: UC TLS Proxy function in a one-armed setup

Hi Roberto,

In the CUMA documentation, you'll find the following phrase which implies that what you would like to do is supported:

Whether deploying the ASA as both a TLS Proxy and firewall or deploying the ASA as simply a TLS Proxy in a DMZ and relying on some external firewall...

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/mobilapp.html#wp1082911

Just make sure that you have the following configured on your ASA to allow the firewall to hairpin the traffic:

same-security-traffic permit intra-interface

Regards,

Nicolas

345
Views
0
Helpful
1
Replies
CreatePlease to create content