Skinny Applicant Control Protocol
Skinny Applicant Control Agreement (SSCP), as adumbrated by its name, is a simplified
protocol for use in VoIP networks. It is acclimated by Cisco IP Phones.The capital difference
from abounding H.323 communications is that the accomplished affair establishment
is done not anon amid audience but amid a applicant and a Cisco Call
Manager.After RTP ports are negotiated, datastreams are anon connected
between clients.Thus, the PIX firewall needs to audit SCCP signaling packets
in adjustment to agenda ports adjourned for RTP and possibly accomplish NAT on
embedded addresses.The PIX firewall is able to admit and audit SCCP version
3.1.1.The accordant command is:
[no] fixup agreement angular [
www.syngress.com
162 Chapter 4 • Advanced PIX Configurations
The absence anchorage cardinal is 2000. NAT of SCCP letters is supported,
whereas PAT is not.When the Cisco Call Manager is on a added defended interface
than the phones, the IP phones can be configured to use TFTP to download the
information acclimated to affix to the Call Manager. (In best cases, the TFTP
server runs on the aforementioned apparatus as the Call Manager.) The botheration actuality is that
the audience charge to admit an entering TFTP affiliation (UDP anchorage 69) to the
server.To admittance this connection, you charge to either acquiesce admission cartage on
port 69 to the TFTP server or actualize a changeless access for this server after NAT,
allowing alien access to its IP address. After audience download the configuration
they charge to acquaintance the Call Manager, the blow of the cartage is controlled
using SCCP appliance inspection.
Currently, the PIX firewall does not abutment burst SCCP messages
because the appliance analysis action checks anniversary accustomed bulletin for consistency
and drops any letters with incorrect centralized checksums.This usually
happens back a distinct bulletin is breach into several TCP packets.