Cisco ASA 5505 User Manual

Page 1050

Advertising
background image

49-14

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 49 Configuring the TLS Proxy for Encrypted Voice Inspection

Configuring the TLS Proxy for Encrypted Voice Inspection

Command

Purpose

Step 1

hostname(config)# class-map class_map_name

Example:

hostname(config)# class-map sec_skinny

Configures the secure Skinny class of traffic to
inspect.

Where class_map_name is the name of the Skinny
class map.

Step 2

hostname(config-cmap)# match port tcp eq 2443

Matches the TCP port 2443 to which you want to
apply actions for secure Skinny inspection

Step 3

hostname(config-cmap)# exit

Step 4

hostname(config)# policy-map type inspect skinny

policy_map_name

Example:

hostname(config)# policy-map type inspect skinny

skinny_inspect

Defines special actions for Skinny inspection
application traffic.

Step 5

hostname(config-pmap)# parameters

hostname(config-pmap-p)# ! Skinny inspection

parameters

Specifies the parameters for Skinny inspection.
Parameters affect the behavior of the inspection
engine.

The commands available in parameters
configuration mode depend on the application.

Step 6

hostname(config-pmap-p)# exit

Exits from Policy Map configuration mode.

Step 7

hostname(config)# policy-map name

Example:

hostname(config)# policy-map global_policy

Configure the policy map and attach the action to the
class of traffic.

Step 8

hostname(config-pmap)# class inspection_default

Specifies the default class map.

The configuration includes a default Layer 3/4 class
map that the ASA uses in the default global policy.
It is called inspection_default and matches the
default inspection traffic,

Step 9

hostname(config-pmap-c)# inspect skinny skinny_map

Example:

hostname(config-pmap-c)# inspect skinny

skinny_inspect

Enables SCCP (Skinny) application inspection.

Step 10

hostname(config-pmap)# class classmap_name

Example:

hostname(config-pmap)# class sec_skinny

Assigns a class map to the policy map where you can
assign actions to the class map traffic.

Step 11

hostname(config-pmap-c)# inspect skinny skinny_map

tls-proxy

proxy_name

Example:

hostname(config-pmap-c)# inspect skinny

skinny_inspect tls-proxy my_proxy

Enables TLS proxy for the specified inspection
session.

Step 12

hostname(config-pmap-c)# exit

Exits from the Policy Map configuration mode.

Step 13

hostname(config)# service-policy policymap_name

global

Example:

hostname(config)# service-policy global_policy

global

Enables the service policy on all interfaces.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals