Ctiqbe Sample Configurations - Cisco 7604 Configuration Manual

Chapter 22 Applying Application Layer Protocol Inspection
The line beginning with
with an external CallManager and the CTI device address and ports are PATed to that external interface.
This line does not appear if the CallManager is located on an internal interface, or if the internal CTI
device address and ports are NATed to the same external interface that is used by the CallManager.
The output indicates a call has been established between this CTI device and another phone at
209.165.201.3. The RTP and RTCP listening ports of the other phone are UDP 26822 and 26823. The
other phone locates on the same interface as the CallManager because the FWSM does not maintain a
CTIQBE session record associated with the second phone and CallManager. The active call leg on the
CTI device side can be identified with Device ID 27 and Call ID 0.
The following is sample output from the show xlate debug command for these CTIBQE connections:
hostname# show xlate debug
3 in use, 3 most used
Flags:
TCP PAT from inside:10.0.0.99/1117 to outside:209.165.201.2/1025 flags ri idle 0:00:22
timeout 0:00:30
UDP PAT from inside:10.0.0.99/16908 to outside:209.165.201.2/1028 flags ri idle 0:00:00
timeout 0:04:10
UDP PAT from inside:10.0.0.99/16909 to outside:209.165.201.2/1029 flags ri idle 0:00:23
timeout 0:04:10
The show conn state ctiqbe command displays the status of CTIQBE connections. In the output, the
media connections allocated by the CTIQBE inspection engine are denoted by a 'C' flag. The following
is sample output from the show conn state ctiqbe command.
hostname# show conn state ctiqbe
1 in use, 10 most used
hostname# show conn state ctiqbe detail
1 in use, 10 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,

CTIQBE Sample Configurations

The following figure shows a sample configuration for a single transparent firewall for Cisco IP
SoftPhone
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
RTP/RTCP: PAT xlates:
D - DNS, d - dump, I - identity, i - inside, n - no random,
r - portmap, s - static
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, k - Skinny media,
M - SMTP data, m - SIP media, O - outbound data, P - inside back connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
(Figure 22-2).
appears only if an internal CTI device has registered
CTIQBE Inspection
22-13