Cisco ASA Series Cli Configuration Manual page 1225

Chapter 1 Configuring the Cisco Phone Proxy
Command
Step 4
hostname(config)# class-map class_map_name
Example:
class-map sec_sip
Step 5
hostname(config-cmap)# match port tcp eq 5061
Step 6
hostname(config-cmap)# exit
Step 7
hostname(config)# policy-map name
Example:
policy-map pp_policy
Step 8
hostname(config-pmap)# class classmap-name
Example:
class sec_sccp
Step 9
hostname(config-pmap-c)# inspect skinny phone-proxy
pp_name
Example:
inspect skinny phone-proxy mypp
Step 10
hostnae(config-pmap)# class classmap-name
Example:
class sec_sip
Step 11
hostname(config-pmap-c)# inspect sip phone-proxy
pp_name
Example:
inspect sip phone-proxy mypp
Step 12
hostname(config-pmap-c)# exit
Step 13
hostname(config)# service-policy policymap_name
interface intf
Example:
service-policy pp_policy interface outside
Configuring Linksys Routers with UDP Port Forwarding for the Phone
Proxy
When IP phones are behind a NAT-capable router, the router can be configured to forward the UDP ports
to the IP address of the IP phone. Specifically, configure the router for UDP port forwarding when an IP
phone is failing during TFTP requests and the failure is due to the router dropping incoming TFTP data
packets. Configure the router to enable UDP port forwarding on port 69 to the IP phone.
As an alternative of explicit UDP forwarding, some Cable/DSL routers require you to designate the IP
phone as a DMZ host. For Cable/DSL routers, this host is a special host that receives all incoming
connections from the public network.
When configuring the phone proxy, there is no functional difference between an IP phone that has UDP
ports explicitly forwarded or an IP phone designated as a DMZ host. The choice is entirely dependent
upon the capabilities and preference of the end user.
Configuring the Phone Proxy
Purpose
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
Matches the TCP port 5061 to which you want to
apply actions for secure SIP inspection
Exits from the Class Map configuration mode.
Configure the policy map and attach the action to the
class of traffic.
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
Where classmap_name is the name of the Skinny
class map.
Enables SCCP (Skinny) application inspection and
enables the phone proxy for the specified inspection
session.
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
Where classmap_name is the name of the SIP class
map.
Enables SIP application inspection and enables the
phone proxy for the specified inspection session.
Exits from Policy Map configuration mode.
Enables the service policy on the outside interface.
Cisco ASA Series CLI Configuration Guide
1-27