49-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter49 Configuring the TLS Proxy for Encrypted Voice Inspe ction
Configuring the TLS Proxy for Encrypted Voice Inspection
Command Purpose
Step1 hostname(config)# class-map class_map_name
Example:
hostname(config)# class-map sec_skinny
Configures the secure Skinny class of traffic to
inspect.
Where class_map_name is the name of the Skinny
class map.
Step2 hostname(config-cmap)# match port tcp eq 2443 Matches the TCP port 2443 to which you want to
apply actions for secure Skinny inspection
Step3 hostname(config-cmap)# exit
Step4 hostname(config)# policy-map type inspect skinny
policy_map_name
Example:
hostname(config)# policy-map type inspect skinny
skinny_inspect
Defines special actions for Skinny inspection
application traffic.
Step5 hostname(config-pmap)# parameters
hostname(config-pmap-p)# ! Skinny inspection
parameters
Specifies the parameters for Skinny inspection.
Parameters affect the behavior of the inspection
engine.
The commands available in parameters
configuration mode depend on the application.
Step6 hostname(config-pmap-p)# exit Exits from Policy Map configuration mode.
Step7 hostname(config)# policy-map name
Example:
hostname(config)# policy-map global_policy
Configure the policy map and attach the action to the
class of traffic.
Step8 hostname(config-pmap)# class inspection_default Specifies the default class map.
The configuration includes a default Layer 3/4 class
map that the ASA uses in the default global policy.
It is called inspection_default and matches the
default inspection traffic,
Step9 hostname(config-pmap-c)# inspect skinny skinny_map
Example:
hostname(config-pmap-c)# inspect skinny
skinny_inspect
Enables SCCP (Skinny) application inspection.
Step10 hostname(config-pmap)# class classmap_name
Example:
hostname(config-pmap)# class sec_skinny
Assigns a class map to the policy map where you can
assign actions to the class map traffic.
Step11 hostname(config-pmap-c)# inspect skinny skinny_map
tls-proxy proxy_name
Example:
hostname(config-pmap-c)# inspect skinny
skinny_inspect tls-proxy my_proxy
Enables TLS proxy for the specified inspection
session.
Step12 hostname(config-pmap-c)# exit Exits from the Policy Map configuration mode.
Step13 hostname(config)# service-policy policymap_name
global
Example:
hostname(config)# service-policy global_policy
global
Enables the service policy on all interfaces.