Cisco ASA Series Cli Configuration Manual page 1266
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configuring the TLS Proxy for Encrypted Voice Inspection
Command
Step 1
hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map sec_skinny
Step 2
hostname(config-cmap)# match port tcp eq 2443
Step 3
hostname(config-cmap)# exit
Step 4
hostname(config)# policy-map type inspect skinny
policy_map_name
Example:
hostname(config)# policy-map type inspect skinny
skinny_inspect
Step 5
hostname(config-pmap)# parameters
hostname(config-pmap-p)# ! Skinny inspection
parameters
Step 6
hostname(config-pmap-p)# exit
Step 7
hostname(config)# policy-map name
Example:
hostname(config)# policy-map global_policy
Step 8
hostname(config-pmap)# class inspection_default
Step 9
hostname(config-pmap-c)# inspect skinny skinny_map
Example:
hostname(config-pmap-c)# inspect skinny
skinny_inspect
Step 10
hostname(config-pmap)# class classmap_name
Example:
hostname(config-pmap)# class sec_skinny
Step 11
hostname(config-pmap-c)# inspect skinny skinny_map
tls-proxy proxy_name
Example:
hostname(config-pmap-c)# inspect skinny
skinny_inspect tls-proxy my_proxy
Step 12
hostname(config-pmap-c)# exit
Step 13
hostname(config)# service-policy policymap_name
global
Example:
hostname(config)# service-policy global_policy
global
Cisco ASA Series CLI Configuration Guide
1-14
Chapter 1
Configuring the TLS Proxy for Encrypted Voice Inspection
Purpose
Configures the secure Skinny class of traffic to
inspect.
Where class_map_name is the name of the Skinny
class map.
Matches the TCP port 2443 to which you want to
apply actions for secure Skinny inspection
Defines special actions for Skinny inspection
application traffic.
Specifies the parameters for Skinny inspection.
Parameters affect the behavior of the inspection
engine.
The commands available in parameters
configuration mode depend on the application.
Exits from Policy Map configuration mode.
Configure the policy map and attach the action to the
class of traffic.
Specifies the default class map.
The configuration includes a default Layer 3/4 class
map that the ASA uses in the default global policy.
It is called inspection_default and matches the
default inspection traffic,
Enables SCCP (Skinny) application inspection.
Assigns a class map to the policy map where you can
assign actions to the class map traffic.
Enables TLS proxy for the specified inspection
session.
Exits from the Policy Map configuration mode.
Enables the service policy on all interfaces.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
