Limitations and restrictions, Verifying and monitoring ctiqbe inspection – Cisco ASA 5505 User Manual

44-2

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 44 Configuring Inspection for Voice and Video Protocols

CTIQBE Inspection

Limitations and Restrictions

The following summarizes limitations that apply when using CTIQBE application inspection:

•

CTIQBE application inspection does not support configurations with the alias command.

•

Stateful failover of CTIQBE calls is not supported.

•

Entering the debug ctiqbe command may delay message transmission, which may have a
performance impact in a real-time environment. When you enable this debugging or logging and
Cisco IP SoftPhone seems unable to complete call setup through the ASA, increase the timeout
values in the Cisco TSP settings on the system running Cisco IP SoftPhone.

The following summarizes special considerations when using CTIQBE application inspection in specific
scenarios:

•

If two Cisco IP SoftPhones are registered with different Cisco CallManagers, which are connected
to different interfaces of the ASA, calls between these two phones fails.

•

When Cisco CallManager is located on the higher security interface compared to
Cisco IP SoftPhones, if NAT or outside NAT is required for the Cisco CallManager IP address, the
mapping must be static as Cisco IP SoftPhone requires the Cisco CallManager IP address to be
specified explicitly in its Cisco TSP configuration on the PC.

•

When using PAT or Outside PAT, if the Cisco CallManager IP address is to be translated, its TCP
port 2748 must be statically mapped to the same port of the PAT (interface) address for Cisco IP
SoftPhone registrations to succeed. The CTIQBE listening port (TCP 2748) is fixed and is not
user-configurable on Cisco CallManager, Cisco IP SoftPhone, or Cisco TSP.

Verifying and Monitoring CTIQBE Inspection

The show ctiqbe command displays information regarding the CTIQBE sessions established across the
ASA. It shows information about the media connections allocated by the CTIQBE inspection engine.

The following is sample output from the show ctiqbe command under the following conditions. There
is only one active CTIQBE session setup across the ASA. It is established between an internal CTI
device (for example, a Cisco IP SoftPhone) at local address 10.0.0.99 and an external Cisco CallManager
at 172.29.1.77, where TCP port 2748 is the Cisco CallManager. The heartbeat interval for the session is
120 seconds.

hostname# # show ctiqbe

Total: 1

LOCAL FOREIGN STATE HEARTBEAT

---------------------------------------------------------------

1 10.0.0.99/1117 172.29.1.77/2748 1 120

----------------------------------------------

RTP/RTCP: PAT xlates: mapped to 172.29.1.99(1028 - 1029)

----------------------------------------------

MEDIA: Device ID 27 Call ID 0

Foreign 172.29.1.99 (1028 - 1029)

Local 172.29.1.88 (26822 - 26823)

----------------------------------------------

The CTI device has already registered with the CallManager. The device internal address and RTP
listening port is PATed to 172.29.1.99 UDP port 1028. Its RTCP listening port is PATed to UDP 1029.