50-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter50 Configuring Cisco Mobility Advantage
Monitoring for Cisco Mobility Advantage
Monitoring for Cisco Mobility Advantage
Mobility advantage proxy can be debugged the same way as IP Telephony. You can enable TLS proxy
debug flags along with SSL syslogs to debug TLS proxy connection problems.
For example, using the following commands to enable TLS proxy-related debugging and syslog output
only:
hostname# debug inspect tls-proxy events
hostname# debug inspect tls-proxy errors
hostname# config terminal
hostname(config)# logging enable
hostname(config)# logging timestamp
hostname(config)# logging list loglist message 711001
hostname(config)# logging list loglist message 725001-725014
hostname(config)# logging list loglist message 717001-717038
hostname(config)# logging buffer-size 1000000
hostname(config)# logging buffered loglist
hostname(config)# logging debug-trace
For information about TLS proxy debugging techniques and sample output, see the Monitoring the TLS
Proxy, page49-15.
Enable the debug mmp command for MMP inspection engine debugging:
MMP:: received 60 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443
MMP:: version OLWP-2.0
MMP:: forward 60/60 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443
MMP:: received 100 bytes from inside:2.2.2.2/5443 to outside:1.1.1.1/2000
MMP:: session-id: ABCD_1234
MMP:: status: 201
MMP:: forward 100/100 bytes from inside:2.2.2.2/5443 to outside 1.1.1.1/2000
MMP:: received 80 bytes from outside:1.1.1.1/2000 to inside:2.2.2.2/5443
MMP:: content-type: http/1.1
MMP:: content-length: 40
You can also capture the raw and decrypted data by the TLS proxy by entering the following commands:
hostname# capture mycap interface outside (capturing raw packets)
hostname# capture mycap-dec type tls-proxy interface outside (capturing decrypted data)
hostname# show capture capture_name
hostname# copy /pcap capture:capture_name tftp://tftp_location
Step6 hostname(config-pmap)# inspect mmp tls-proxy
proxy_name
Example:
hostname(config-pmap)# inspect mmp tls-proxy
cuma_proxy
Enables SCCP (Skinny) application inspection and
enables the phone proxy for the specified inspection
session.
Step7 hostname(config-pmap)# exit Exits from the Policy Map configuration mode.
Step8 hostname(config)# service-policy policy_map_name
global
Example:
service-policy global_policy global
Enables the service policy on all interfaces.
Command Purpose