Verifying And Monitoring Sccp Inspection - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Skinny (SCCP) Inspection
Return to global configuration mode by entering the following command:
Step 7
hostname(config-pmap)# exit
hostname(config)#
Apply the policy map globally or to a specific interface by entering the following command:
Step 8
hostname(config)# service-policy policy_map_name [global | interface interface_ID
Replace policy_map_name with the policy map you configured in
with the global option or a specific interface using the name assigned with the nameif command.
For example, the following command applies the sample_policy to the outside interface:
hostname(config)# service-policy sample_policy interface outside
The following command applies the sample_policy to the all the FWSM interfaces:
hostname(config)# service-policy sample_policy global
You enable the SCCP inspection engine as shown in
SCCP traffic on the default port (2000). The service policy is then applied to the outside interface.
Example 22-12 Enabling SCCP Application Inspection
hostname(config)# class-map sccp_port
hostname(config-cmap)# match port tcp eq 2000
hostname(config-cmap)# exit
hostname(config)# policy-map sample_policy
hostname(config-pmap)# class sccp_port
hostname(config-pmap-c)# inspect skinny
hostname(config-pmap-c)# exit
hostname(config)# service-policy sample_policy interface outside
Verifying and Monitoring SCCP Inspection
The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues. The
following is sample output from the show skinny command under the following conditions. There are
two active Skinny sessions set up across the FWSM. The first one is an audio connection established
between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at
172.18.1.33. TCP port 2000 is the CallManager. The second one is a video connection established
between another internal Cisco IP Phone at local address 10.0.0.22 and the same Cisco CallManager.
hostname# show skinny
---------------------------------------------------------------
1
AUDIO 10.0.0.11/22948
2
VIDEO 10.0.0.22/20798
The output indicates that a call has been established between two internal Cisco IP Phones. The RTP
listening ports of the first and second phones are UDP 22948 and 20798 respectively.
The following is sample output from the show xlate debug command for these Skinny connections:
hostname# show xlate debug
2 in use, 2 most used
Flags:
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-92
LOCAL
10.0.0.11/52238
10.0.0.22/52232
D - DNS, d - dump, I - identity, i - inside, n - no random,
Chapter 22
Example
22-12, which creates a class map to match
FOREIGN
172.18.1.33/2000
172.18.1.22/20798
172.18.1.33/2000
172.18.1.11/22948
Applying Application Layer Protocol Inspection
Step
3, and identify all the interfaces
STATE
1
1
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
