Monitoring for cisco mobility advantage – Cisco ASA 5505 User Manual

Page 1064

Advertising
background image

50-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 50 Configuring Cisco Mobility Advantage

Monitoring for Cisco Mobility Advantage

Monitoring for Cisco Mobility Advantage

Mobility advantage proxy can be debugged the same way as IP Telephony. You can enable TLS proxy
debug flags along with SSL syslogs to debug TLS proxy connection problems.

For example, using the following commands to enable TLS proxy-related debugging and syslog output
only:

hostname# debug inspect tls-proxy events

hostname# debug inspect tls-proxy errors

hostname# config terminal

hostname(config)# logging enable

hostname(config)# logging timestamp

hostname(config)# logging list loglist message 711001

hostname(config)# logging list loglist message 725001-725014

hostname(config)# logging list loglist message 717001-717038

hostname(config)# logging buffer-size 1000000

hostname(config)# logging buffered loglist

hostname(config)# logging debug-trace

For information about TLS proxy debugging techniques and sample output, see the

Monitoring the TLS

Proxy, page 49-15.

Enable the debug mmp command for MMP inspection engine debugging:

MMP:: received 60 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443

MMP:: version OLWP-2.0

MMP:: forward 60/60 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443

MMP:: received 100 bytes from inside:2.2.2.2/5443 to outside:1.1.1.1/2000

MMP:: session-id: ABCD_1234

MMP:: status: 201

MMP:: forward 100/100 bytes from inside:2.2.2.2/5443 to outside 1.1.1.1/2000

MMP:: received 80 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443

MMP:: content-type: http/1.1

MMP:: content-length: 40

You can also capture the raw and decrypted data by the TLS proxy by entering the following commands:

hostname# capture mycap interface outside (capturing raw packets)

hostname# capture mycap-dec type tls-proxy interface outside (capturing decrypted data)

hostname# show capture capture_name

hostname# copy /pcap capture:capture_name tftp://tftp_location

Step 6

hostname(config-pmap)# inspect mmp tls-proxy

proxy_name

Example:

hostname(config-pmap)# inspect mmp tls-proxy

cuma_proxy

Enables SCCP (Skinny) application inspection and
enables the phone proxy for the specified inspection
session.

Step 7

hostname(config-pmap)# exit

Exits from the Policy Map configuration mode.

Step 8

hostname(config)# service-policy policy_map_name

global

Example:

service-policy global_policy global

Enables the service policy on all interfaces.

Command

Purpose

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals