Cisco ASA 5512-X Configuration Guide

Cisco ASA Series Firewall CLI Configuration Guide
Chapter 14 Inspection for Voice and Video Protocols
Skinny (SCCP) Inspection

Configure SCCP (Skinny) Inspection

SCCP (Skinny) application inspection translates embedded IP addresses and port numbers
within the packet data and dynamically opens pinholes. It also performs additional protocol
conformance checks and basic state tracking.

SCCP inspection is enabled by default. You need to configure it only if you want non-default processing,
or if you want to identify a TLS proxy to enable encrypted traffic inspection. If you want to customize
SCCP inspection, use the following process.

Procedure

Step 1 Configure a Skinny (SCCP) Inspection Policy Map for Additional Inspection Control, page 14-32.
Step 2 Configure the SCCP Inspection Service Policy, page 14-33.

Configure a Skinny (SCCP) Inspection Policy Map for Additional Inspection Control

To specify actions when a message violates a parameter, create an SCCP inspection policy map. You can
then apply the inspection policy map when you enable SCCP inspection.

Procedure

Step 1 Create an SCCP inspection policy map.

    hostname(config)# policy-map type inspect skinny policy_map_name
    hostname(config-pmap)#

  Where policy_map_name is the name of the policy map. The CLI enters policy-map configuration
  mode.

Step 2 (Optional) Add a description to the policy map.

    hostname(config-pmap)# description string

Step 3 (Optional) Drop traffic based on the station message ID field in SCCP messages.

  a. Identify the traffic based on the station message ID value in hexadecimal, from 0x0 to 0xffff. You
     can specify either a single ID or a range of IDs, using the match [not] message-id command. If you
     use a match not command, then any traffic that does not match the criterion in the match not
     command has the action applied.

    hostname(config-pmap)# match message-id value
    hostname(config-pmap)# match message-id range start_value end_value

     Example:

    hostname(config-pmap)# match message-id 0x181
    hostname(config-pmap)# match message-id range 0x200 0xffff

  b. Specify the action to perform on matching packets. You can drop the packet and optionally log it.

    hostname(config-pmap)# drop [log]

  c. Repeat the process until you identify all message IDs that you want to drop.
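
The following Python sketch is an added example, not part of the Cisco guide: it audits saved configuration text for Skinny inspection policy maps, reports what happens to a given station message ID under the match [not] message-id rules described in Step 3, and lists drops configured without the log keyword. The configuration layout, the map names, and the rule that any matching drop entry drops the message are assumptions of this example.

```python
import re

# Constructed running-config excerpt (assumed layout; map names are hypothetical).
SAMPLE_CONFIG = """\
policy-map type inspect skinny SKINNY_DROP_MAP
 description Drop selected station message IDs
 match message-id 0x181
  drop log
 match message-id range 0x200 0xffff
  drop
policy-map type inspect skinny SKINNY_ALLOWLIST
 match not message-id range 0x0 0x1ff
  drop log
"""

MATCH_RE = re.compile(r"match\s+(not\s+)?message-id\s+"
                      r"(?:range\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)|(0x[0-9a-f]+))$", re.I)

def parse_skinny_maps(config):
    """Return {map_name: [rule, ...]} for each 'policy-map type inspect skinny' block."""
    maps, current, rule = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("policy-map "):
            m = re.match(r"policy-map type inspect skinny (\S+)$", line)
            current, rule = (maps.setdefault(m.group(1), []) if m else None), None
        elif current is not None and (m := MATCH_RE.match(line)):
            lo = int(m.group(2) or m.group(4), 16)
            hi = int(m.group(3) or m.group(4), 16)
            if not 0 <= lo <= hi <= 0xFFFF:
                raise ValueError(f"bad message-id value or range: {line}")
            rule = {"negate": bool(m.group(1)), "lo": lo, "hi": hi, "drop": False, "log": False}
            current.append(rule)
        elif rule is not None and line.split()[:1] == ["drop"]:
            rule["drop"], rule["log"] = True, line.split()[1:] == ["log"]
    return maps

def verdict(rules, message_id):
    """Return 'drop+log', 'drop' or 'pass' for one station message ID."""
    # 'match not' applies the action to every ID outside the stated value or range.
    hits = [r for r in rules if r["drop"] and (r["lo"] <= message_id <= r["hi"]) != r["negate"]]
    if not hits:
        return "pass"
    return "drop+log" if any(r["log"] for r in hits) else "drop"

def unlogged_drops(maps):
    """List (map_name, rule) pairs that drop without the log keyword."""
    return [(n, r) for n, rs in maps.items() for r in rs if r["drop"] and not r["log"]]
```

Running unlogged_drops over an exported configuration shows which message-ID ranges are discarded without leaving a log entry for later investigation.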
