Cisco 7604 Configuration Guide - Page 427
Enabling and Configuring CTIQBE Inspection
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 427 highlights
Chapter 22 Applying Application Layer Protocol Inspection CTIQBE Inspection • Stateful Failover of CTIQBE calls is not supported. • Entering the debug ctiqbe command may delay message transmission, which may have a performance impact in a real-time environment. When you enable this debugging or logging and Cisco IP SoftPhone seems unable to complete call setup through the FWSM, increase the timeout values in the Cisco TSP settings on the system running Cisco IP SoftPhone. The following summarizes special considerations when using CTIQBE application inspection in specific scenarios: • If two Cisco IP SoftPhones are registered with different Cisco CallManagers, which are connected to different interfaces of the FWSM, calls between these two phones fails. • When Cisco CallManager is located on the higher security interface compared to Cisco IP SoftPhones, if NAT or outside NAT is required for the Cisco CallManager IP address, the mapping must be static as Cisco IP SoftPhone requires the Cisco CallManager IP address to be specified explicitly in its Cisco TSP configuration on the PC. • When using PAT or Outside PAT, if the Cisco CallManager IP address is to be translated, its TCP port 2748 must be statically mapped to the same port of the PAT (interface) address for Cisco IP SoftPhone registrations to succeed. The CTIQBE listening port (TCP 2748) is fixed and is not user-configurable on Cisco CallManager, Cisco IP SoftPhone, or Cisco TSP. Enabling and Configuring CTIQBE Inspection To enable CTIQBE inspection or change the default port used for receiving CTIQBE traffic, perform the following steps: Step 1 Step 2 Step 3 Step 4 Step 5 Create a class map or modify an existing class map to identify CTIQBE traffic. Use the class-map command to do so, as follows. hostname(config)# class-map class_map_name hostname(config-cmap)# where class_map_name is the name of the traffic class. When you enter the class-map command, the CLI enters class map configuration mode. Use the match port command to identify CTIQBE traffic, as follows: hostname(config-cmap)# match port tcp eq 2748 Create a policy map or modify an existing policy map that you want to use to apply the CTIQBE inspection engine to FTP traffic. To do so, use the policy-map command, as follows. hostname(config-cmap)# policy-map policy_map_name hostname(config-pmap)# where policy_map_name is the name of the policy map. The CLI enters the policy map configuration mode and the prompt changes accordingly. Specify the class map, created in Step 1, that identifies the CTIQBE traffic. Use the class command to do so, as follows. hostname(config-pmap)# class class_map_name hostname(config-pmap-c)# where class_map_name is the name of the class map you created in Step 1. The CLI enters the policy map class configuration mode and the prompt changes accordingly. Enable CTIQBE application inspection. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 22-11