Cisco Systems ASA 5585-X Manual De Usuario
11-12
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Configuring Inspection for Voice and Video Protocols
MGCP Inspection
MGCP transactions are composed of a command and a mandatory response. There are eight types of
commands:
commands:
•
CreateConnection
•
ModifyConnection
•
DeleteConnection
•
NotificationRequest
•
Notify
•
AuditEndpoint
•
AuditConnection
•
RestartInProgress
The first four commands are sent by the call agent to the gateway. The Notify command is sent by the
gateway to the call agent. The gateway may also send a DeleteConnection. The registration of the MGCP
gateway with the call agent is achieved by the RestartInProgress command. The AuditEndpoint and the
AuditConnection commands are sent by the call agent to the gateway.
gateway to the call agent. The gateway may also send a DeleteConnection. The registration of the MGCP
gateway with the call agent is achieved by the RestartInProgress command. The AuditEndpoint and the
AuditConnection commands are sent by the call agent to the gateway.
All commands are composed of a Command header, optionally followed by a session description. All
responses are composed of a Response header, optionally followed by a session description.
responses are composed of a Response header, optionally followed by a session description.
•
The port on which the gateway receives commands from the call agent. Gateways usually listen to
UDP port 2427.
UDP port 2427.
•
The port on which the call agent receives commands from the gateway. Call agents usually listen to
UDP port 2727.
UDP port 2727.
Note
MGCP inspection does not support the use of different IP addresses for MGCP signaling and RTP data.
A common and recommended practice is to send RTP data from a resilient IP address, such as a loopback
or virtual IP address; however, the ASA requires the RTP data to come from the same address as MGCP
signalling.
A common and recommended practice is to send RTP data from a resilient IP address, such as a loopback
or virtual IP address; however, the ASA requires the RTP data to come from the same address as MGCP
signalling.
Configuring an MGCP Inspection Policy Map for Additional Inspection Control
If the network has multiple call agents and gateways for which the ASA has to open pinholes, create an
MGCP map. You can then apply the MGCP map when you enable MGCP inspection.
MGCP map. You can then apply the MGCP map when you enable MGCP inspection.
To create an MGCP map, perform the following steps:
Step 1
To create an MGCP inspection policy map, enter the following command:
ciscoasa(config)# policy-map type inspect mgcp map_name
ciscoasa(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
mode.
Step 2
(Optional) To add a description to the policy map, enter the following command:
ciscoasa(config-pmap)# description string
Step 3
To configure parameters that affect the inspection engine, perform the following steps:
a.
To enter parameters configuration mode, enter the following command: