Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application Inspection? (Chose two)
A. SCTP
B. SDP
C. H.323
D. H248
E. SCCP
F. SRTP
Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application Inspection?
Excuse me –> CE is OK, SRTP is not a protocol (it is RTSP).
The inspection engines we can enable on the ASA for Voice and Video are:
• CTIQBE Inspection
• H.323 Inspection
• MGCP Inspection
• RTSP Inspection
• SIP Inspection
• Skinny (SCCP) Inspection
CTIQBE protocol inspection supports NAT, PAT, and bidirectional NAT. This enables Cisco IP SoftPhone and other Cisco TAPI/JTAPI applications to work successfully with Cisco CallManager for call setup across the ASA.
TAPI and JTAPI are used by many Cisco VoIP applications. CTIQBE is used by Cisco TSP to communicate with Cisco CallManager.
H.323 inspection provides support for H.323 compliant applications such as Cisco CallManager and VocalTec Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication Union for multimedia conferences over LANs.
With H.323 inspection enabled, the ASA supports multiple calls on the same call signaling channel, a feature introduced with H.323 Version 3. This feature reduces call setup time and reduces the use of ports on the ASA.
MGCP is a master/slave protocol used to control media gateways from external call control elements called media gateway controllers or call agents. A media gateway is typically a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or over other packet networks. Using NAT and PAT with MGCP lets you support a large number of devices on an internal network with a limited set of external (global) addresses.
The RTSP inspection engine lets the ASA pass RTSP packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections.
SIP enables call handling sessions, particularly two-party audio conferences, or “calls.” SIP works with SDP for call signalling. SDP specifies the ports for the media stream. Using SIP, the ASA can support any SIP VoIP gateways and VoIP proxy servers.
Skinny (SCCP) is a simplified protocol used in VoIP networks. Cisco IP Phones using SCCP can coexist in an H.323 environment. When used with Cisco CallManager, the SCCP client can interoperate with H.323 compliant terminals. Application layer functions in the ASA recognize SCCP Version 3.3.
I agree.
I think: CF
Cisco ASA Voice and Video Protocol Inspection
* Session Initiation Protocol (SIP) Inspection:
SIP is a protocol that is used to handle call sessions between clients; SIP works along with the Session Description Protocol (SDP) for call signaling. According to the ASA documentation, SIP inspection is enabled by default as part of the default inspection rules; keep this in mind when configuring ASA traffic inspection.
SIP/SDP utilizes the TCP/UDP port 5060 for signaling, and this is the port that is used by the ASA for SIP inspection. SIP media streams are dynamically allocated; these session communications are listened to by the ASA and make the proper connections based on the result of these allocations. SIP can also embed IP addresses within the user-data portion of the IP packet. When this happens, the ASA will utilize NAT for these embedded addresses.
SIP inspection also supports a number of different options that allow for additional connection control; some of these options include matching traffic based on called-part, calling-part, content length, content type, and request method, among others.
There are also a number of different actions that are supported, including dropping the packet, dropping the connection, masking out a portion of the packet, resetting the connection, and logging the packet.
* RTSP Inspection:
RSTP (Real Time Streaming Protocol) is a protocol that is used by a number of different applications to transmit audio and video over a network connection; some of these applications include Apple QuickTime and Cisco IP/TV. According to the ASA documentation, RTSP inspection is enabled by default as part of the default inspection rules-keep this in mind when configuring ASA traffic inspection. RTSP uses the TCP port 554 as a control channel to negotiate the data channels that are used to transmit the traffic to the client. RTSP inspection listens to this port and allows the connections as set up on the control channel.
RTSP inspection also supports a number of different options that allow for additional connection control. Some of these options include matching traffic based on a specific request method and specifying the action that will be taken with this traffic; some of the actions include dropping the packet, dropping the connection, masking out a portion of the packet, resetting the connection, logging the packet, and a few others.
* Media Gateway Control Protocol (MGCP) Inspection:
MGCP is a protocol that is used to control a number of media gateways that are in turn used to control different call control elements within the network called call agents or media gateway controllers.
There are a number of different media gateway types that exist within networks utilizing MGCP-some exist between trunking devices, and some exist between the end user and the central voice network. If either of these needs to cross a point in the network in which a security domain is crossed, this device must be aware of its use and how to deal with the potential traffic.
MGCP inspection on the ASA is not enabled by default and must be manually configured if the ASA is to be responsible for managing MGCP traffic through it. MGCP utilizes UDP ports 2427 and 2727 that are used for communications between the central call agent(s) and the remote (typically) gateways.
When MGCP inspection is enabled on the ASA, it listens to the communications and determines from this inspection which MGCP traffic is allowed to pass. This is mainly required when failover (backup) configurations exist between various central call agents (for example, if a failover call agent is used to process a request that was initially sent to the main call agent, the source IP address would change and would break the rules of a “typical” firewalls connections table).
H.323 Inspection:
It is still used in many deployments as a primary and secondary voice and video network protocol. According to the ASA documentation, H.323 inspection (both H.225 and RAS) is enabled by default as part of the default inspection rules; keep this is mind when configuring ASA traffic inspection.
What the ASA does when these are enabled is listen to communications on both the H.225 (TCP 1720) and RAS (UDP 1718, 1719) communications ports. If the ASA detects that additional ports are being requested as part of normal protocol operations, it (the ASA) will allow the communications and enable inspection on those ports as well.
H.323 inspection can also be further configured to support additional inspection control by following the familiar process of creating class and inspection (policy) maps and applying them either globally (overriding the default H.323 inspection) or to a specific interface.
H.225, H.245, and H.323 RAS sessions can be monitored on the ASA as well by using the show h225, show h245, and show h323-ras commands, respectively.