Configuring SCCP ALG (NSM Procedure)

SCCP is a protocol for call signaling. Skinny is based on a call-agent-based call-control architecture. The control protocol uses binary-coded frames encoded on TCP frames sent to well-known TCP port number destinations to set up and tear down RTP media sessions.

To configure SCCP ALG:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure SCCP ALG.
  3. Click the Configuration tab. In the configuration tree, select Security > Alg > Sccp.
  4. Add or modify settings as specified in Table 223.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 223: SCCP ALG Configuration Details

Option

Function

Your Action

Inactive Media Timeout

Indicates the maximum length of time (in seconds) a call can remain active without any media (RTP or RTCP) traffic within a group. Each time an RTP or RTCP packet occurs within a call, this timeout resets. When the period of inactivity exceeds this setting, the SCCP ALG the gates opened for media are closed.

Select a value between 10 and 600 seconds.

Threshold

Protects SCCP ALG clients from flood attacks by limiting the number of calls they attempt to process.

Select a value for call flood threshold from 2 to 1,000.

Permit NAT Applied

Specifies how unidentified SCCP messages are handled by the device. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement can be useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown SCCP (unsupported) messages, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.

This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.

Select this option to permit unidentified SCCP messages. By default, unknown (unsupported) messages are dropped.

Permit Routed

Specifies that unknown messages be allowed to pass if the session is in Route mode. (Sessions in Transparent mode are treated as Route mode.)

Select this option.

Related Documentation