17-82
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Skinny (SCCP) is a simplified protocol used in VoIP networks. Cisco IP Phones using SCCP can coexist
in an H.323 environment. When used with Cisco CallManager, the SCCP client can interoperate with
H.323 compliant terminals. Application layer functions in the security appliance recognize SCCP
version 3.3. There are 5 versions of the SCCP protocol: 2.4, 3.0.4, 3.1.1, 3.2, and 3.3.2.
The security appliance supports all versions through 3.3.2. The security appliance supports PAT and NAT
for SCCP. PAT is necessary if you have more IP phones than global IP addresses for the IP phones to
use. By supporting NAT and PAT of SCCP Signaling packets, Skinny application inspection ensures that
all SCCP signaling and media packets can traverse the security appliance.
Normal traffic between Cisco CallManager and Cisco IP Phones uses SCCP and is handled by SCCP
inspection without any special configuration. The security appliance also supports DHCP options 150
and 66, which it accomplishes by sending the location of a TFTP server to Cisco IP Phones and other
DHCP clients. Cisco IP Phones might also include DHCP option 3 in their requests, which sets the
default route.
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > Skinny from the Object
Type selector. Right-click inside the work area, then select New Object or right-click a row, then select
Edit Object.
Related Topics
• Understanding Map Objects, page 6-72
• Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
Table 17-48 Add and Edit Skinny Map Dialog Boxes
Element Description
Name The name of the Skinny map. A maximum of 40 characters is allowed.
Description A description of the Skinny map, up to 200 characters.
Parameters Tab
Enforce Endpoint
Registration
Whether to enforce registration before calls can be placed.
Maximum SCCP Station
Message ID 0x
The maximum SCCP station message ID allowed, in hexadecimal.
Check RTP Packets for
Protocol Conformance
Enforce Payload Type to be
Audio or Video based on
Signaling Exchange
Whether to check RTP packets flowing through the pinholes for
protocol conformance. If you select this option, you can also select
whether to enforce the payload type.
Minimum SCCP Prefix
Length
The minimum SCCP length allowed.
Maximum SCCP Prefix
Length
The maximum SCCP length allowed.
Media Timeout The timeout value for media connections.
Signaling Timeout The timeout value for signaling connections.
