Verifying And Monitoring Sccp Inspection; History For Voice And Video Protocol Inspection - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 14
Inspection for Voice and Video Protocols
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Verifying and Monitoring SCCP Inspection
The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues. The
following is sample output from the show skinny command under the following conditions. There are
two active Skinny sessions set up across the ASA. The first one is established between an internal Cisco
IP Phone at local address 10.0.0.11 and an external Cisco CallManager at 172.18.1.33. TCP port 2000
is the CallManager. The second one is established between another internal Cisco IP Phone at local
address 10.0.0.22 and the same Cisco CallManager.
hostname# show skinny
---------------------------------------------------------------
1
MEDIA 10.0.0.11/22948
2
MEDIA 10.0.0.22/20798
The output indicates that a call has been established between two internal Cisco IP Phones. The RTP
listening ports of the first and second phones are UDP 22948 and 20798 respectively.
The following is sample output from the show xlate debug command for these Skinny connections:
hostname# show xlate debug
2 in use, 2 most used
Flags:
NAT from inside:10.0.0.11 to outside:172.18.1.11 flags si idle 0:00:16 timeout 0:05:00
NAT from inside:10.0.0.22 to outside:172.18.1.22 flags si idle 0:00:14 timeout 0:05:00
History for Voice and Video Protocol Inspection
Feature Name
SIP, SCCP, and TLS Proxy support for IPv6
SIP support for Trust Verification Services,
NAT66, CUCM 10.5, and model 8831 phones.
LOCAL
10.0.0.11/52238
10.0.0.22/52232
D - DNS, d - dump, I - identity, i - inside, n - no random,
r - portmap, s - static
Releases
9.3(1)
9.3(2)
History for Voice and Video Protocol Inspection
FOREIGN
172.18.1.33/2000
172.18.1.22/20798
172.18.1.33/2000
172.18.1.11/22948
Feature Information
You can now inspect IPv6 traffic when using SIP, SCCP, and
TLS Proxy (using SIP or SCCP).
We did not modify any commands.
You can now configure Trust Verification Services servers
in SIP inspection. You can also use NAT66. SIP inspection
has been tested with CUCM 10.5.
We added the trust-verification-server parameter
command.
Cisco ASA Series Firewall CLI Configuration Guide
STATE
1
1
14-35
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
