Cisco Systems ASA 5555-X Network Router User Manual

Open as PDF

of 712

17-14

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 17 Configuring the TLS Proxy for Encrypted Voice Inspection

Configuring the TLS Proxy for Encrypted Voice Inspection

Command Purpose

Step 1

hostname(config)# class-map class_map_name

Example:

ciscoasa(config)# class-map sec_skinny

Configures the secure Skinny class of traffic to

inspect.

Where class_map_name is the name of the Skinny

class map.

Step 2

ciscoasa(config-cmap)# match port tcp eq 2443

Matches the TCP port 2443 to which you want to

apply actions for secure Skinny inspection

Step 3

ciscoasa(config-cmap)# exit

Step 4

hostname(config)# policy-map type inspect skinny

policy_map_name

Example:

ciscoasa(config)# policy-map type inspect skinny

skinny_inspect

Defines special actions for Skinny inspection

application traffic.

Step 5

ciscoasa(config-pmap)# parameters

ciscoasa(config-pmap-p)# ! Skinny inspection

parameters

Specifies the parameters for Skinny inspection.

Parameters affect the behavior of the inspection

engine.

The commands available in parameters

configuration mode depend on the application.

Step 6

ciscoasa(config-pmap-p)# exit Exits from Policy Map configuration mode.

Step 7

hostname(config)# policy-map name

Example:

ciscoasa(config)# policy-map global_policy

Configure the policy map and attach the action to the

class of traffic.

Step 8

ciscoasa(config-pmap)# class inspection_default

Specifies the default class map.

The configuration includes a default Layer 3/4 class

map that the ASA uses in the default global policy.

It is called inspection_default and matches the

default inspection traffic,

Step 9

ciscoasa(config-pmap-c)# inspect skinny skinny_map

Example:

ciscoasa(config-pmap-c)# inspect skinny

skinny_inspect

Enables SCCP (Skinny) application inspection.

Step 10

ciscoasa(config-pmap)# class classmap_name

Example:

ciscoasa(config-pmap)# class sec_skinny

Assigns a class map to the policy map where you can

assign actions to the class map traffic.

Step 11

ciscoasa(config-pmap-c)# inspect skinny skinny_map

tls-proxy proxy_name

Example:

ciscoasa(config-pmap-c)# inspect skinny

skinny_inspect tls-proxy my_proxy

Enables TLS proxy for the specified inspection

session.

Step 12

ciscoasa(config-pmap-c)# exit

Exits from the Policy Map configuration mode.

Step 13

ciscoasa(config)# service-policy policymap_name

global

Example:

ciscoasa(config)# service-policy global_policy

global

Enables the service policy on all interfaces.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems ASA 5555-X Network Router User Manual