Cisco FirePOWER ASA 5500 series Configuration Manual page 473
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 25
Configuring Application Layer Protocol Inspection
(Optional) To add a description to the policy map, enter the following command:
Step 2
hostname(config-pmap)# description string
To configure parameters that affect the inspection engine, perform the following steps:
Step 3
To enter parameters configuration mode, enter the following command:
a.
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
To configure the call agents, enter the following command for each call agent:
b.
hostname(config-pmap-p)# call-agent ip_address group_id
Use the call-agent command to specify a group of call agents that can manage one or more
gateways. The call agent group information is used to open connections for the call agents in the
group (other than the one a gateway sends a command to) so that any of the call agents can send the
response. call agents with the same group_id belong to the same group. A call agent may belong to
more than one group. The group_id option is a number from 0 to 4294967295. The ip_address
option specifies the IP address of the call agent.
Note
c.
To configure the gateways, enter the following command for each gateway:
hostname(config-pmap-p)# gateway ip_address group_id
Use the gateway command to specify which group of call agents are managing a particular gateway.
The IP address of the gateway is specified with the ip_address option. The group_id option is a
number from 0 to 4294967295 that must correspond with the group_id of the call agents that are
managing the gateway. A gateway may only belong to one group.
If you want to change the maximum number of commands allowed in the MGCP command queue,
d.
enter the following command:
hostname(config-pmap-p)# command-queue command_limit
The following example shows how to define an MGCP map:
hostname(config)# policy-map type inspect mgcp sample_map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# call-agent 10.10.11.5 101
hostname(config-pmap-p)# call-agent 10.10.11.6 101
hostname(config-pmap-p)# call-agent 10.10.11.7 102
hostname(config-pmap-p)# call-agent 10.10.11.8 102
hostname(config-pmap-p)# gateway 10.10.10.115 101
hostname(config-pmap-p)# gateway 10.10.10.116 102
hostname(config-pmap-p)# gateway 10.10.10.117 102
hostname(config-pmap-p)# command-queue 150
OL-10088-01
MGCP call agents send AUEP messages to determine if MGCP end points are present. This
establishes a flow through the security appliance and allows MGCP end points to register with
the call agent.
Cisco Security Appliance Command Line Configuration Guide
MGCP Inspection
25-55
Advertisement
Table of Contents
Troubleshooting
