Configure the SCCP Inspection Service Policy - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 14
Inspection for Voice and Video Protocols
Step 4
Configure parameters that affect the inspection engine.
a. Enter parameters configuration mode.
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
b. Set one or more parameters. You can set the following options; use the no form of the command to disable the option:
enforce-registration—Enforces registration before calls can be placed.
message-id max hex_value—Sets the maximum SCCP station message ID allowed. The message ID is in hex, and the default maximum is 0x181.
rtp-conformance [enforce-payloadtype]—Checks RTP packets flowing on the pinholes for protocol conformance. The optional enforce-payloadtype keyword enforces the payload type to be audio or video based on the signaling exchange.
sccp-prefix-len {max | min} length—Sets the maximum or minimum SCCP prefix length value allowed. Enter the command twice to set both a minimum and maximum value. The default minimum is 4; there is no default maximum.
timeout {media | signaling} time—Sets the timeouts for media and signaling connections (in hh:mm:ss format). To have no timeout, specify 0 for the number. The default media timeout is 5 minutes; the default signaling timeout is one hour.
Example
The following example shows how to define an SCCP inspection policy map.
hostname(config)# policy-map type inspect skinny skinny-map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# enforce-registration
hostname(config-pmap-p)# match message-id range 200 300
hostname(config-pmap-p)# drop log
hostname(config)# class-map inspection_default
hostname(config-cmap)# match default-inspection-traffic
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect skinny skinny-map
hostname(config)# service-policy global_policy global

Configure the SCCP Inspection Service Policy

The default ASA configuration includes SCCP inspection on the default port applied globally on all
interfaces. A common method for customizing the inspection configuration is to customize the default
global policy. You can alternatively create a new service policy as desired, for example, an
interface-specific policy.
Procedure
Step 1
If necessary, create an L3/L4 class map to identify the traffic for which you want to apply the inspection.
class-map name
match parameter
Cisco ASA Series Firewall CLI Configuration Guide
Skinny (SCCP) Inspection
14-33
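
An added example, not part of the Cisco guide: a Python check that reads saved ASA configuration text and reports, for each SCCP (skinny) inspection policy map, which of the parameters listed on this page are absent and whether any service-policy actually applies the map through inspect skinny. The sample configuration is constructed, and the indented layout of the saved configuration is an assumption.

```python
import re

# Constructed sample configuration (not from a real device).
# Assumption: sub-mode commands are indented under their parent line.
SAMPLE = """\
policy-map type inspect skinny skinny-map
 parameters
  enforce-registration
  message-id max 0x141
  rtp-conformance enforce-payloadtype
policy-map type inspect skinny lab-map
 parameters
  timeout media 00:02:00
policy-map global_policy
 class inspection_default
  inspect skinny skinny-map
service-policy global_policy global
"""

# Parameters from the page; an absent "message-id max" leaves the default maximum 0x181.
PARAMS = ("enforce-registration", "message-id max", "rtp-conformance", "sccp-prefix-len max")

def parse_blocks(config):
    """Group each unindented line with the indented lines that follow it."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit_sccp(config):
    """Return {skinny map name: [findings]} for a saved configuration."""
    blocks = parse_blocks(config)
    # L3/L4 policy maps -> skinny maps they reference with "inspect skinny <map>".
    refs = {h.split()[1]: [b.split()[2] for b in body if re.fullmatch(r"inspect skinny \S+", b)]
            for h, body in blocks if h.startswith("policy-map ") and " type " not in h}
    # Skinny maps reachable from a policy map that a service-policy command activates.
    applied = {m for h, _ in blocks if h.startswith("service-policy ")
               for m in refs.get(h.split()[1], [])}
    report = {}
    for h, body in blocks:
        if h.startswith("policy-map type inspect skinny "):
            name = h.split()[-1]
            found = [p + " not present" for p in PARAMS
                     if not any(b.startswith(p) for b in body)]
            if name not in applied:
                found.append("not applied by any service-policy")
            report[name] = found
    return report
```

Calling audit_sccp(SAMPLE) flags lab-map as defined but never applied, which is the case the service policy procedure exists to prevent: a policy map has no effect until an inspect skinny command references it in an active service policy.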
