Configuring An Mgcp Inspection Policy Map For Additional Inspection Control - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
MGCP Inspection
MGCP endpoints are physical or virtual sources and destinations for data. Media gateways contain
endpoints on which the call agent can create, modify and delete connections to establish and control
media sessions with other multimedia endpoints. Also, the call agent can instruct the endpoints to detect
certain events and generate signals. The endpoints automatically communicate changes in service state
to the call agent.
MGCP transactions are composed of a command and a mandatory response. There are eight types of
commands:
•
•
•
•
•
•
•
•
The first four commands are sent by the call agent to the gateway. The Notify command is sent by the
gateway to the call agent. The gateway may also send a DeleteConnection. The registration of the MGCP
gateway with the call agent is achieved by the RestartInProgress command. The AuditEndpoint and the
AuditConnection commands are sent by the call agent to the gateway.
All commands are composed of a Command header, optionally followed by a session description. All
responses are composed of a Response header, optionally followed by a session description.
•
•
MGCP inspection does not support the use of different IP addresses for MGCP signaling and RTP data.
Note
A common and recommended practice is to send RTP data from a resilient IP address, such as a loopback
or virtual IP address; however, the security appliance requires the RTP data to come from the same
address as MGCP signalling.
Configuring an MGCP Inspection Policy Map for Additional Inspection Control
If the network has multiple call agents and gateways for which the security appliance has to open
pinholes, create an MGCP map. You can then apply the MGCP map when you enable MGCP inspection
according to the
To create an MGCP map, perform the following steps:
To create an MGCP inspection policy map, enter the following command:
Step 1
hostname(config)# policy-map type inspect mgcp map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Cisco Security Appliance Command Line Configuration Guide
25-54
CreateConnection
ModifyConnection
DeleteConnection
NotificationRequest
Notify
AuditEndpoint
AuditConnection
RestartInProgress
The port on which the gateway receives commands from the call agent. Gateways usually listen to
UDP port 2427.
The port on which the call agent receives commands from the gateway. Call agents usually listen to
UDP port 2727.
"Configuring Application Inspection" section on page 25-5
Chapter 25
Configuring Application Layer Protocol Inspection
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
