Cisco Asdm 7 User Guide
Page 371
12-35 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 12 Configuring Inspection for Voice and Video Protocols Skinny (SCCP) Inspection
Minimum prefix length: 4.
Media timeout: 00:05:00.
Signaling timeout: 01:00:00.
RTP conformance: Not enforced.
–Medium
Registration: Not enforced.
Maximum message ID: 0x141.
Minimum prefix length: 4.
Media timeout: 00:01:00.
Signaling timeout: 00:05:00.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: No....
Page 372
Delete—Deletes a message ID filter.
Move Up—Moves an entry up in the list.
Move Down—Moves an entry down in the list.
Add/Edit SCCP (Skinny) Policy Map (Security Level)
Configuration > Global Objects > Inspect Maps > SCCP (Skinny) > SCCP (Skinny) Inspect Map > Basic View
The Add/Edit SCCP (Skinny) Policy Map pane lets you configure the security...
Page 373
Limit payload to audio or video, based on the signaling exchange: Yes.
–Message ID Filtering—Opens the Messaging ID Filtering dialog box for configuring message ID filters.
–Default Level—Sets the security level back to the default.
Details—Shows additional parameter, RTP conformance, and message ID filtering settings to configure.
Add/Edit SCCP...
Page 374
–Edit—Opens the Edit Message ID Filtering dialog box to edit a message ID filter.
–Delete—Deletes a message ID filter.
–Move Up—Moves an entry up in the list.
–Move Down—Moves an entry down in the list.
Add/Edit Message ID Filter
Configuration > Global Objects > Inspect Maps > SCCP (Skinny) > SCCP (Skinny) Inspect Map > Advanced View > Add/Edit...
Page 375
CHAPTER 13
Configuring Inspection of Database and Directory Protocols
This chapter describes how to configure application layer protocol inspection. Inspection engines are required for services that embed IP addressing information in the user data packet or that open secondary channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection instead of passing the packet through the fast path. As a...
Page 376
13-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 13 Configuring Inspection of Database and Directory Protocols SQL*Net Inspection
During connection negotiation time, a BIND PDU is sent from the client to the server. Once a successful BIND RESPONSE from the server is received, other operational messages may be exchanged (such as ADD, DEL, SEARCH, or MODIFY) to perform operations on the ILS Directory. The ADD REQUEST and SEARCH RESPONSE PDUs may contain IP addresses of...
Page 377
13-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 13 Configuring Inspection of Database and Directory Protocols Sun RPC Inspection
SQL*Net Version 2 TNSFrame types (Connect, Accept, Refuse, Resend, and Marker) will not be scanned for addresses to NAT nor will inspection open dynamic connections for any embedded ports in the packet. SQL*Net Version 2 TNSFrames, Redirect, and Data packets will be scanned for ports to open and addresses to NAT, if preceded by a REDIRECT TNSFrame...
Page 378
The Configuration > Firewall > Advanced > SUNRPC Server pane shows which SunRPC services can traverse the ASA and their specific timeout, on a per server basis.
Fields
Interface—Displays the interface on which the SunRPC server resides.
IP address—Displays the IP address of the SunRPC server.
Mask—Displays the subnet mask of the IP Address of the...
Page 379
CHAPTER 14
Configuring Inspection for Management Application Protocols
This chapter describes how to configure application layer protocol inspection. Inspection engines are required for services that embed IP addressing information in the user data packet or that open secondary channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection instead of passing the packet through the fast path. As a...
Page 380
14-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 14 Configuring Inspection for Management Application Protocols DCERPC Inspection
This typically involves a client querying a server called the Endpoint Mapper listening on a well known port number for the dynamically allocated network information of a required service. The client then sets up a secondary connection to the server instance providing the service. The security appliance allows the appropriate port number and...