EasyManua.ls Logo

Cisco ASA 5508-X

Cisco ASA 5508-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
14-35
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 14 Inspection for Voice and Video Protocols
History for Voice and Video Protocol Inspection
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Verifying and Monitoring SCCP Inspection
The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues. The
following is sample output from the show skinny command under the following conditions. There are
two active Skinny sessions set up across the ASA. The first one is established between an internal Cisco
IP Phone at local address 10.0.0.11 and an external Cisco CallManager at 172.18.1.33. TCP port 2000
is the CallManager. The second one is established between another internal Cisco IP Phone at local
address 10.0.0.22 and the same Cisco CallManager.
hostname# show skinny
LOCAL FOREIGN STATE
---------------------------------------------------------------
1 10.0.0.11/52238 172.18.1.33/2000 1
MEDIA 10.0.0.11/22948 172.18.1.22/20798
2 10.0.0.22/52232 172.18.1.33/2000 1
MEDIA 10.0.0.22/20798 172.18.1.11/22948
The output indicates that a call has been established between two internal Cisco IP Phones. The RTP
listening ports of the first and second phones are UDP 22948 and 20798 respectively.
The following is sample output from the show xlate debug command for these Skinny connections:
hostname# show xlate debug
2 in use, 2 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
r - portmap, s - static
NAT from inside:10.0.0.11 to outside:172.18.1.11 flags si idle 0:00:16 timeout 0:05:00
NAT from inside:10.0.0.22 to outside:172.18.1.22 flags si idle 0:00:14 timeout 0:05:00
History for Voice and Video Protocol Inspection
Feature Name Releases Feature Information
SIP, SCCP, and TLS Proxy support for IPv6 9.3(1) You can now inspect IPv6 traffic when using SIP, SCCP, and
TLS Proxy (using SIP or SCCP).
We did not modify any commands.
SIP support for Trust Verification Services,
NAT66, CUCM 10.5, and model 8831 phones.
9.3(2) You can now configure Trust Verification Services servers
in SIP inspection. You can also use NAT66. SIP inspection
has been tested with CUCM 10.5.
We added the trust-verification-server parameter
command.

Table of Contents

Other manuals for Cisco ASA 5508-X

Related product manuals