14-13
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 14      Inspection for Voice and Video Protocols
  MGCP Inspection
Figure 14-1 Using NAT with MGCP
MGCP endpoints are physical or virtual sources and destinations for data. Media gateways contain 
endpoints on which the call agent can create, modify and delete connections to establish and control 
media sessions with other multimedia endpoints. Also, the call agent can instruct the endpoints to detect 
certain events and generate signals. The endpoints automatically communicate changes in service state 
to the call agent. 
• Gateways usually listen to UDP port 2427 to receive commands from the call agent.
• The port on which the call agent receives commands from the gateway. Call agents usually listen to 
UDP port 2727 to receive commands from the gateway.
Note MGCP inspection does not support the use of different IP addresses for MGCP signaling and RTP data. 
A common and recommended practice is to send RTP data from a resilient IP address, such as a loopback 
or virtual IP address; however, the ASA requires the RTP data to come from the same address as MGCP 
signaling.
Configure MGCP Inspection
Use the following process to enable MGCP inspection.
Procedure
Step 1 Configuring an MGCP Inspection Policy Map for Additional Inspection Control, page 14-14.
Step 2 Configure the MGCP Inspection Service Policy, page 14-15.
119936
Cisco
CallManager
Gateway is told
to send its media
to 209.165.200.231
(public address
of the IP Phone)
M
IP
M
M
Cisco
PGW 2200
H.323
To PSTN
209.165.201.10
209.165.201.11
209.165.201.1
IP IP
Branch offices
RTP to 209.165.201.1
from 209.165.200.231
RTP to 10.0.0.76
from 209.165.200.231
10.0.0.76
209.165.200.231
MGCP
SCCP
GW
GW
209.165.200.231