1-27
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Configuring Linksys Routers with UDP Port Forwarding for the Phone
Proxy
When IP phones are behind a NAT-capable router, the router can be configured to forward the UDP ports
to the IP address of the IP phone. Specifically, configure the router for UDP port forwarding when an IP
phone is failing during TFTP requests and the failure is due to the router dropping incoming TFTP data
packets. Configure the router to enable UDP port forwarding on port 69 to the IP phone.
As an alternative of explicit UDP forwarding, some Cable/DSL routers require you to designate the IP
phone as a DMZ host. For Cable/DSL routers, this host is a special host that receives all incoming
connections from the public network.
When configuring the phone proxy, there is no functional difference between an IP phone that has UDP
ports explicitly forwarded or an IP phone designated as a DMZ host. The choice is entirely dependent
upon the capabilities and preference of the end user.
Step 4
hostname(config)#
class-map
class_map_name
Example:
class-map sec_sip
Configures the secure SIP class of traffic to inspect.
Where
class_map_name
is the name of the SIP class
map.
Step 5
hostname(config-cmap)#
match port tcp
eq
5061
Matches the TCP port 5061 to which you want to
apply actions for secure SIP inspection
Step 6
hostname(config-cmap)#
exit
Exits from the Class Map configuration mode.
Step 7
hostname(config)#
policy-map
name
Example:
policy-map pp_policy
Configure the policy map and attach the action to the
class of traffic.
Step 8
hostname(config-pmap)#
class
classmap-name
Example:
class sec_sccp
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
Where
classmap_name
is the name of the Skinny
class map.
Step 9
hostname(config-pmap-c)#
inspect skinny phone-proxy
pp_name
Example:
inspect skinny phone-proxy mypp
Enables SCCP (Skinny) application inspection and
enables the phone proxy for the specified inspection
session.
Step 10
hostnae(config-pmap)#
class
classmap-name
Example:
class sec_sip
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
Where
classmap_name
is the name of the SIP class
map.
Step 11
hostname(config-pmap-c)#
inspect sip phone-proxy
pp_name
Example:
inspect sip phone-proxy mypp
Enables SIP application inspection and enables the
phone proxy for the specified inspection session.
Step 12
hostname(config-pmap-c)#
exit
Exits from Policy Map configuration mode.
Step 13
hostname(config)#
service-policy
policymap_name
interface
intf
Example:
service-policy pp_policy interface outside
Enables the service policy on the outside interface.
Command
Purpose
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......