Cisco Systems and the ASA Services Module Manual De Usuario
16-27
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 Configuring the Cisco Phone Proxy
Configuring the Phone Proxy
Configuring Linksys Routers with UDP Port Forwarding for the Phone Proxy
When IP phones are behind a NAT-capable router, the router can be configured to forward the UDP ports
to the IP address of the IP phone. Specifically, configure the router for UDP port forwarding when an IP
phone is failing during TFTP requests and the failure is due to the router dropping incoming TFTP data
packets. Configure the router to enable UDP port forwarding on port 69 to the IP phone.
to the IP address of the IP phone. Specifically, configure the router for UDP port forwarding when an IP
phone is failing during TFTP requests and the failure is due to the router dropping incoming TFTP data
packets. Configure the router to enable UDP port forwarding on port 69 to the IP phone.
As an alternative of explicit UDP forwarding, some Cable/DSL routers require you to designate the IP
phone as a DMZ host. For Cable/DSL routers, this host is a special host that receives all incoming
connections from the public network.
phone as a DMZ host. For Cable/DSL routers, this host is a special host that receives all incoming
connections from the public network.
When configuring the phone proxy, there is no functional difference between an IP phone that has UDP
ports explicitly forwarded or an IP phone designated as a DMZ host. The choice is entirely dependent
upon the capabilities and preference of the end user.
ports explicitly forwarded or an IP phone designated as a DMZ host. The choice is entirely dependent
upon the capabilities and preference of the end user.
Step 4
hostname(config)# class-map class_map_name
Example:
class-map sec_sip
Configures the secure SIP class of traffic to inspect.
Where class_map_name is the name of the SIP class
map.
map.
Step 5
hostname(config-cmap)# match port tcp eq 5061
Matches the TCP port 5061 to which you want to
apply actions for secure SIP inspection
apply actions for secure SIP inspection
Step 6
hostname(config-cmap)# exit
Exits from the Class Map configuration mode.
Step 7
hostname(config)# policy-map name
Example:
policy-map pp_policy
Configure the policy map and attach the action to the
class of traffic.
class of traffic.
Step 8
hostname(config-pmap)# class classmap-name
Example:
class sec_sccp
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
can assign actions to the class map traffic.
Where classmap_name is the name of the Skinny
class map.
class map.
Step 9
hostname(config-pmap-c)# inspect skinny phone-proxy
pp_name
Example:
inspect skinny phone-proxy mypp
Enables SCCP (Skinny) application inspection and
enables the phone proxy for the specified inspection
session.
enables the phone proxy for the specified inspection
session.
Step 10
hostnae(config-pmap)# class classmap-name
Example:
class sec_sip
Assigns a class map to the policy map so that you
can assign actions to the class map traffic.
can assign actions to the class map traffic.
Where classmap_name is the name of the SIP class
map.
map.
Step 11
hostname(config-pmap-c)# inspect sip phone-proxy
pp_name
Example:
inspect sip phone-proxy mypp
Enables SIP application inspection and enables the
phone proxy for the specified inspection session.
phone proxy for the specified inspection session.
Step 12
hostname(config-pmap-c)# exit
Exits from Policy Map configuration mode.
Step 13
hostname(config)# service-policy policymap_name
interface
intf
Example:
service-policy pp_policy interface outside
Enables the service policy on the outside interface.
Command
Purpose