Disabling Skinni

Unanswered Question
May 9th, 2008

I just implemented ASA 5540 VPN Premium license, running on Software Version 7.2(3) and Device Manager Version 5.2(3). How can i disable skinny inspection because it is using port 2000 and this is blocking another application using the same port.

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map IPSpolicy

class IPSclass

ips promiscuous fail-open

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect http

inspect pptp

policy-map type inspect dns migrated_dns_map_1

parameters

message-length maximum 512

I have tried to go to the class inspection_default and then no skinny inspect would won't go away. Kindly assist. Winnie.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
amritpatek Thu, 05/15/2008 - 11:08

To disabled skinny inspection using commands:

firewall(config)# policy-map global_policy

firewall(config-pmap)# class inspection_default

firewall(config-pmap-c)# no inspect skinny

Skinny protocol uses port tcp 2000 which is cisco property, so the ASA by default will

inspect this port, and since it's expecting another type of traffic, it will drop the

connection. skinny is a voice protocol.So after disabling this, the asa was no longer inpecting this port and that allowed the application to run.

Actions

This Discussion