8-35
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 8 Inspection for Voice and Video Protocols
Skinny (SCCP) Inspection
Procedure
Step 1
If necessary, create an L3/L4 class map to identify the traffic for which you want to apply the inspection.
class-map
name
match
parameter
Example:
hostname(config)# class-map sccp_class_map
hostname(config-cmap)# match access-list sccp
In the default global policy, the inspection_default class map is a special class map that includes default
ports for all inspection types (
match default-inspection-traffic
). If you are using this class map in
either the default policy or for a new service policy, you can skip this step.
For information on matching statements, see
Identify Traffic (Layer 3/4 Class Maps), page 1-13
Step 2
Add or edit a policy map that sets the actions to take with the class map traffic.
policy-map
name
Example:
hostname(config)# policy-map global_policy
In the default configuration, the global_policy policy map is assigned globally to all interfaces. If you
want to edit the global_policy, enter global_policy as the policy name.
Step 3
Identify the L3/L4 class map you are using for SCCP inspection.
class
name
Example:
hostname(config-pmap)# class inspection_default
To edit the default policy, or to use the special inspection_default class map in a new policy, specify
inspection_default
for the
name
. Otherwise, you are specifying the class you created earlier in this
procedure.
Step 4
Configure SCCP inspection.
inspect skinny
[
sccp_policy_map
] [
tls-proxy
proxy_name
]
Where:
•
sccp_policy_map
is the optional SCCP inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the SCCP inspection policy map, see
Configure a Skinny (SCCP) Inspection Policy Map for Additional Inspection Control, page 8-33
.
•
tls-proxy
proxy_name
identifies the TLS proxy to use for this inspection. You need a TLS proxy
only if you want to enable inspection of encrypted traffic.
Example:
hostname(config-class)# no inspect skinny
hostname(config-class)# inspect skinny sccp-map
Note
If you are editing the default global policy (or any in-use policy) to use a different SCCP
inspection policy map, you must remove the SCCP inspection with the
no inspect skinny
command, and then re-add it with the new SCCP inspection policy map name.
Содержание ASA 5512-X
Страница 5: ...P A R T 1 Service Policies and Access Control ...
Страница 6: ......
Страница 50: ...3 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 3 Access Rules History for Access Rules ...
Страница 51: ...P A R T 2 Network Address Translation ...
Страница 52: ......
Страница 126: ...5 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 5 NAT Examples and Reference DNS and NAT ...
Страница 127: ...P A R T 3 Application Inspection ...
Страница 128: ......
Страница 255: ...P A R T 4 Connection Settings and Quality of Service ...
Страница 256: ......
Страница 288: ...12 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 12 Quality of Service History for QoS ...
Страница 303: ...P A R T 5 Advanced Network Protection ...
Страница 304: ......
Страница 339: ...P A R T 6 ASA Modules ...
Страница 340: ......
Страница 398: ...17 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 ASA CX Module History for the ASA CX Module ...