Chapter 38
Configuring Inspection for Voice and Video Protocols
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit SIP Policy Map (Security Level)
The Add/Edit SIP Policy Map pane lets you configure the security level and additional settings for SIP
application inspection maps.
Fields
•
•
•
OL-20339-01
Default Level—Sets the security level back to the default level of Low.
–
Security Context
Transparent Single
•
•
Name—When adding a SIP, enter the name of the SIP map. When editing a SIP map, the name of
the previously configured SIP map is shown.
Description—Enter the description of the SIP map, up to 200 characters in length.
Security Level—Select the security level (high or low).
Low—Default.
–
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server's and endpoint's IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Not enforced.
SIP conformance: Do not perform state checking and header validation.
Medium
–
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server's and endpoint's IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: No
SIP conformance: Drop packets that fail state checking.
High
–
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Denied.
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
SIP Inspection
38-31