Smtp And Extended Smtp Inspection; Smtp And Extended Smtp Inspection Overview - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
SMTP and Extended SMTP Inspection
hostname(config)# access-group voice in interface outside
hostname(config)# access-group voice in interface inside
Configure SCCP (Skinny) inspection:
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect skinny
Output of show skinny when Skinny phone call through the firewall module is active:
hostname(config)# show skinny
---------------------------------------------------------------------
1
2
Output of show conn when there is one active phone call between Skinny phones, each reachable
through inside and outside interfaces. Skinny connections are marked by a k flag.
hostname(config)# show conn
3 in use, 26 most used
TCP out 209.165.201.210:2000 in 10.0.0.2:49723 idle 0:00:07 Bytes 10232 FLAGS - UOI
TCP out 209.165.201.211:49692 in 209.165.201.210:49723 idle 0:00:27 Bytes 12394 FLAGS -
UBOI
UDP out 209.165.201.211:19212 in 10.0.0.2:24002 idle 0:00:00 Bytes 3575654 FLAGS - K
Multicast sessions:
IPV6 connections:
SMTP and Extended SMTP Inspection
This section describes how to enable SMTP and ESMTP application inspection and change the default
port configuration. This section includes the following topics:
•
•
SMTP and Extended SMTP Inspection Overview
The FWSM supports application inspection for SMTP and ESMTP. Application inspection for these
protocols protects against attacks by restricting the types of SMTP or ESMTP commands that can pass
through the FWSM and by adding monitoring capabilities.
ESMTP is an enhancement to the SMTP protocol and is similar to SMTP. For convenience, the term
SMTP is used in this document to refer to both SMTP and ESMTP. The application inspection process
for ESMTP includes support for SMTP sessions. Most commands used in an ESMTP session are the
same as those used in an SMTP session but an ESMTP session is considerably faster and offers more
options related to reliability and security, such as delivery status notification.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-94
LOCAL
10.0.0.2/49723
AUDIO
209.165.201.2/24002
209.165.201.210/2000
AUDIO
10.0.0.2/24002
Network Processor 1 connections
Network Processor 2 connections
Network Processor 1 connections
Network Processor 2 connections
SMTP and Extended SMTP Inspection Overview, page 22-94
Configuring and Enabling SMTP and Extended SMTP Application Inspection, page 22-96
Chapter 22
Applying Application Layer Protocol Inspection
FOREIGN
STATE
209.165.201.210/2000
209.165.201.211/19212
209.165.201.211/49692
209.165.201.211/19212
1
1
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
