Cisco ASA 5506-X Configuration Manual page 226
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Skinny (SCCP) Inspection
b.
c.
Configure parameters that affect the inspection engine.
Step 4
a.
b.
Example
The following example shows how to define an SCCP inspection policy map.
hostname(config)# policy-map type inspect skinny skinny-map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# enforce-registration
hostname(config-pmap-p)# match message-id range 200 300
hostname(config-pmap-p)# drop log
hostname(config)# class-map inspection_default
hostname(config-cmap)# match default-inspection-traffic
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect skinny skinny-map
hostname(config)# service-policy global_policy global
Configure the SCCP Inspection Service Policy
The default ASA configuration includes SCCP inspection on the default port applied globally on all
interfaces. A common method for customizing the inspection configuration is to customize the default
global policy. You can alternatively create a new service policy as desired, for example, an
interface-specific policy.
Cisco ASA Series Firewall CLI Configuration Guide
8-34
Specify the action to perform on matching packets. You can drop the packet and optionally log it.
hostname(config-pmap)# drop [log]
Repeat the process until you identify all message IDs that you want to drop.
Enter parameters configuration mode.
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
Set one or more parameters. You can set the following options; use the no form of the command to
disable the option:
•
enforce-registration—Enforces registration before calls can be placed.
•
message-ID max hex_value—Sets the maximum SCCP station message ID allowed. The
message ID is in hex, and the default maximum is 0x181.
•
rtp-conformance [enforce-payloadtype]—Checks RTP packets flowing on the pinholes for
protocol conformance. The optional enforce-payloadtype keyword enforces the payload type
to be audio or video based on the signaling exchange.
sccp-prefix-len {max | min} length—Sets the maximum or minimum SCCP prefix length value
•
allowed. Enter the command twice to set both a minimum and maximum value. The default
minimum is 4, there is no default maximum.
timeout {media | signaling} time—Sets the timeouts for media and signaling connections (in
•
hh:mm:ss format). To have no timeout, specify 0 for the number. The default media timeout is
5 minutes, the default signaling timeout is one hour.
Chapter 8
Inspection for Voice and Video Protocols
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
