Verifying And Monitoring Ctiqbe Inspection - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
CTIQBE Inspection
hostname(config-pmap-c)# inspect ctiqbe
Use the service-policy command to apply the policy map globally or to a specific interface, as follows:
Step 6
hostname(config-pmap-c)# service-policy policy_map_name [global | interface interface_ID]
hostname(config)#
where policy_map_name is the policy map you configured in
to traffic on all the interfaces, use the global option. If you want to apply the policy map to traffic on a
specific interface, use the interface interface_ID option, where interface_ID is the name assigned to the
interface with the nameif command.
The FWSM begins inspecting CTIQBE traffic, as specified.
Example 22-1 Enabling and Configuring CTIQBE Inspection
The following example creates a class map to match CTIQBE traffic on the default port (2748) and
enables CTIQBE inspection in the policy using the class matching CTIQBE traffic. The service policy
is then applied to the outside interface.
hostname(config)# class-map ctiqbe_port
hostname(config-cmap)# match port tcp eq 2748
hostname(config-cmap)# policy-map sample_policy
hostname(config-pmap)# class ctiqbe_port
hostname(config-pmap-c)# inspect ctiqbe
hostname(config-pmap-c)# service-policy sample_policy interface outside
hostname(config)#
Verifying and Monitoring CTIQBE Inspection
The show ctiqbe command displays information regarding the CTIQBE sessions established across the
FWSM. It shows information about the media connections allocated by the CTIQBE inspection engine.
The following is sample output from the show ctiqbe command under the following conditions. There
is only one active CTIQBE session setup across the FWSM. It is established between an internal CTI
device (for example, a Cisco IP SoftPhone) at local address 10.0.0.99 and an external Cisco CallManager
at 209.165.201.2, where TCP port 2748 is the Cisco CallManager. The heartbeat interval for the session
is 120 seconds.
hostname# # show ctiqbe
Total: 1
---------------------------------------------------------------
1
The CTI device has already registered with the CallManager. The device internal address and RTP
listening port is PATed to 209.165.201.2 UDP port 1028. Its RTCP listening port is PATed to UDP 1029.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-12
LOCAL
FOREIGN
10.0.0.99/1117
209.165.201.2/2748
----------------------------------------------
RTP/RTCP: PAT xlates: mapped to 209.165.201.2(1028 - 1029)
----------------------------------------------
MEDIA: Device ID 27
Foreign 209.165.201.2
Local
209.165.201.3
----------------------------------------------
Chapter 22
Step
STATE
HEARTBEAT
1
Call ID 0
(1028 - 1029)
(26822 - 26823)
Applying Application Layer Protocol Inspection
3. If you want to apply the policy map
120
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
