Cisco Systems OL-16647-01 Network Router User Manual


24-5
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
CTIQBE Inspection
To configure application inspection, perform the following steps:
Step 1 Click Configuration > Firewall > Service Policy Rules.
Step 2 Add or edit a service policy rule according to the “Adding a Service Policy Rule for Through Traffic”
section on page 22-6.
If you want to match non-standard ports, then create a new rule for the non-standard ports. See the
“Default Inspection Policy” section on page 24-3 for the standard ports for each inspection engine. You
can combine multiple rules in the same service policy if desired, so you can create one rule to match
certain traffic, and another to match different traffic. However, if traffic matches a rule that contains an
inspection action, and then matches another rule that also has an inspection action, only the first
matching rule is used.
Step 3 On the Edit Service Policy Rule > Rule Actions dialog box, click the Protocol Inspection tab.
For a new rule, the dialog box is called Add Service Policy Rule Wizard - Rule Actions.
Step 4 Check each inspection type that you want to apply.
Step 5 (Optional) Some inspection engines let you control additional parameters when you apply the inspection
to the traffic. Click Configure for each inspection type to configure an inspect map.
You can either choose an existing map, or create a new one. You can predefine inspect maps from the
Configuration > Firewall > Objects > Inspect Maps pane. See the “Inspect Map Field Descriptions”
section on page 24-59 for detailed information about each inspect map type.
Step 6 You can configure other features for this rule if desired using the other Rule Actions tabs.
Step 7 Click OK (or Finish from the wizard).
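The first-match behavior described in Step 2, as an added example that is not part of the Cisco guide: a simplified Python model that audits an ordered rule list for inspection rules that never take effect. The Rule fields, rule names, engine assignments and port numbers are constructed assumptions; real rules also match on addresses and interfaces, which this model omits.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str           # "tcp" or "udp"
    lo: int              # first destination port matched
    hi: int              # last destination port matched
    inspect: tuple = ()  # inspection engines enabled on the rule; empty = none

def effective_rule(rules, proto, port):
    """Return the rule whose inspection action applies to this flow, or None."""
    for r in rules:
        if r.inspect and r.proto == proto and r.lo <= port <= r.hi:
            return r  # first matching inspection rule wins; later ones are ignored
    return None

def shadowed_ports(rules):
    """Map each inspection rule to (first, last, count) of ports it matches
    but never inspects, because an earlier inspection rule matched first."""
    report = {}
    for r in rules:
        if not r.inspect:
            continue
        lost = [p for p in range(r.lo, r.hi + 1)
                if effective_rule(rules, r.proto, p) is not r]
        if lost:
            report[r.name] = (lost[0], lost[-1], len(lost))
    return report

# Constructed sample policy, in evaluation order (not taken from the guide).
RULES = [
    Rule("voice-range", "tcp", 2000, 2999, ("sip",)),
    Rule("qos-only",    "tcp", 3000, 3100),            # no inspection action
    Rule("ctiqbe-alt",  "tcp", 2900, 3010, ("ctiqbe",)),
    Rule("ctiqbe-late", "tcp", 3005, 3005, ("ctiqbe",)),
]

if __name__ == "__main__":
    for name, (first, last, count) in shadowed_ports(RULES).items():
        print(f"{name}: inspection never applied on {count} port(s), {first}-{last}")
```

A rule reported here still matches traffic for its other actions; only its inspection action is skipped on the listed ports.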
CTIQBE Inspection
This section describes CTIQBE application inspection. This section includes the following topics:
CTIQBE Inspection Overview, page 24-5
Limitations and Restrictions, page 24-5
CTIQBE Inspection Overview
CTIQBE protocol inspection supports NAT, PAT, and bidirectional NAT. This enables Cisco IP
SoftPhone and other Cisco TAPI/JTAPI applications to work successfully with Cisco CallManager for
call setup across the security appliance.
TAPI and JTAPI are used by many Cisco VoIP applications. CTIQBE is used by Cisco TSP to
communicate with Cisco CallManager.
Limitations and Restrictions
The following summarizes limitations that apply when using CTIQBE application inspection:
CTIQBE application inspection does not support configurations with the alias command.
Stateful failover of CTIQBE calls is not supported.