Disabling Skinny

May 9th, 2008

I just implemented an ASA 5540 VPN Premium license, running on Software Version 7.2(3) and Device Manager Version 5.2(3). How can I disable skinny inspection? It is using port 2000 and this is blocking another application using the same port.

policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map IPSpolicy
 class IPSclass
  ips promiscuous fail-open
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http
  inspect pptp
policy-map type inspect dns migrated_dns_map_1
  message-length maximum 512

I have tried going to the class inspection_default and then entering no skinny inspect, but it won't go away. Kindly assist. Winnie.

amritpatek Thu, 05/15/2008 - 11:08
To disable skinny inspection, use these commands:

firewall(config)# policy-map global_policy
firewall(config-pmap)# class inspection_default
firewall(config-pmap-c)# no inspect skinny

Skinny protocol uses port TCP 2000, which is Cisco property, so the ASA by default will inspect this port, and since it's expecting another type of traffic, it will drop the connection. Skinny is a voice protocol. So after disabling this, the ASA was no longer inspecting this port and that allowed the application to run.
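
An added example, not part of the original thread and not Cisco tooling: a Python script that finds where an inspection engine sits in a saved running-config and returns the config-mode lines to remove it, in the same policy-map, class, `no inspect` order the answer gives. The sample config is constructed from the question's paste, and the function names are hypothetical.

```python
# Constructed sample: policy-map section from the question, trimmed.
SAMPLE_CONFIG = """\
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map IPSpolicy
 class IPSclass
  ips promiscuous fail-open
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect skinny
  inspect sip
"""


def parse_inspections(config):
    """Return {(policy_map, class): [inspect args]}; keyed on keywords, not indentation."""
    found, policy, cls = {}, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "policy-map":
            # "policy-map type inspect ..." defines an inspection map, not a
            # service policy, so it never holds class/inspect lines.
            policy = None if words[1:2] == ["type"] else words[-1]
            cls = None
        elif words[0] == "class" and policy and len(words) > 1:
            cls = words[1]
            found.setdefault((policy, cls), [])
        elif words[0] == "inspect" and policy and cls and len(words) > 1:
            found[(policy, cls)].append(" ".join(words[1:]))
    return found


def removal_commands(config, engine):
    """Config-mode lines that remove every 'inspect <engine> ...' entry."""
    cmds = []
    for (policy, cls), engines in parse_inspections(config).items():
        for entry in engines:
            if entry.split()[0] == engine:
                cmds += [f"policy-map {policy}", f" class {cls}", f"  no inspect {entry}"]
    return cmds


if __name__ == "__main__":
    print("\n".join(removal_commands(SAMPLE_CONFIG, "skinny")))
```

An empty result after the change confirms the engine is no longer configured in any service policy of that saved config.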
