13-12
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 13 Configuring Application Protocol Inspection
Detailed Information About Inspection Engines
During connection negotiation, an LDAP BIND protocol data unit (PDU)
is sent from the client to the server. Once a successful BIND RESPONSE from the server is received,
other operational messages might be exchanged (such as ADD, DEL, SEARCH, or MODIFY) to perform
operations on the ILS Directory. The ADD REQUEST and SEARCH RESPONSE PDUs might contain
IP addresses of NetMeeting peers, used by H.323 (SETUP and CONNECT messages) to establish
NetMeeting sessions. Microsoft NetMeeting v2.X and v3.X provide ILS support.
The ILS inspection engine performs the following operations:
• Decodes the LDAP REQUEST/RESPONSE PDUs using the Basic Encoding Rules (BER) decode functions
• Parses the LDAP packet
• Extracts IP addresses
• Translates IP addresses as necessary
• Encodes the PDU with translated addresses using BER encode functions
• Copies the newly encoded PDU back to the TCP packet
• Performs incremental TCP checksum and sequence number adjustment
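The decode, translate and re-encode steps listed above, as an added Python illustration (not Cisco code). The PDU is constructed for the example, and the attribute name ipAddress and the dotted-quad value encoding are assumptions. It shows why a translated address that is 4 bytes longer grows this PDU by 5 bytes (the outer BER length moves to long form), which is the offset the sequence number adjustment has to absorb.

```python
# Added illustration (not Cisco code): definite-length BER only, single-byte tags.

def enc_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + enc_len(len(value)) + value

def parse(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def rewrite(pdu, nat):
    """Re-encode one TLV, replacing OCTET STRING values found in nat."""
    tag, value, _ = parse(pdu)
    if tag & 0x20:                      # constructed: rebuild every child
        out, pos = b"", 0
        while pos < len(value):
            _, _, nxt = parse(value, pos)
            out += rewrite(value[pos:nxt], nat)
            pos = nxt
        value = out
    elif tag == 0x04:                   # OCTET STRING
        value = nat.get(value, value)
    return tlv(tag, value)

# Constructed sample shaped like an LDAP ADD REQUEST (tag 0x68); the attribute
# name and dotted-quad value are assumptions, not a captured ILS PDU.
attr = tlv(0x30, tlv(0x04, b"ipAddress") + tlv(0x31, tlv(0x04, b"10.1.1.5")))
add = tlv(0x68, tlv(0x04, b"cn=" + b"x" * 88) + tlv(0x30, attr))
ORIGINAL = tlv(0x30, tlv(0x02, b"\x01") + add)
TRANSLATED = rewrite(ORIGINAL, {b"10.1.1.5": b"203.0.113.25"})
SEQ_DELTA = len(TRANSLATED) - len(ORIGINAL)   # offset for later TCP sequence numbers
```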
The ILS inspection engine has the following limitations:
• Referral requests and responses are not supported
• Users in multiple directories are not unified
• Single hosts that register to multiple directories using different names are not supported by the ILS
inspection engine. You must use the same name for all directories.
MGCP Inspection Engine
The Media Gateway Control Protocol (MGCP) is used for controlling media gateways from external call
control elements called media gateway controllers, or call agents. A media gateway is typically a
network element that provides conversion between the audio signals carried on telephone circuits and
data packets carried over the Internet or over other packet networks.
To use MGCP, you typically need to configure at least two ports: one on which the gateway receives
commands and one on which the call agent receives commands. Normally, a call agent sends
commands to port 2427, while a gateway sends commands to port 2727.
To configure the MGCP inspection engine, enter the following command:
FWSM/contexta(config)# fixup protocol mgcp port[-port]
The default ports are 2427 and 2727.
Neither NAT nor PAT is supported by the FWSM with MGCP.
This section includes the following topics:
• MGCP Overview, page 13-13
• Configuration for Multiple Call Agents and Gateways, page 13-13
• Viewing MGCP Information, page 13-14