Sip Inspection - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

SIP Inspection

Where rtsp_policy_map is the optional RTSP inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the RTSP inspection policy map, see
Configure RTSP Inspection Policy Map, page 14-19.
Example:
hostname(config-class)# no inspect rtsp
hostname(config-class)# inspect rtsp rtsp-map
Note
If you are editing the default global policy (or any in-use policy) to use a different RTSP
inspection policy map, you must remove the RTSP inspection with the no inspect rtsp
command, and then re-add it with the new RTSP inspection policy map name.

Step 5
If you are editing an existing service policy (such as the default global policy called global_policy), you
are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.

SIP Inspection
SIP is a widely used protocol for Internet conferencing, telephony, presence, events notification, and
instant messaging. Partially because of its text-based nature and partially because of its flexibility, SIP
networks are subject to a large number of security threats.
SIP application inspection provides address translation in message header and body, dynamic opening
of ports and basic sanity checks. It also supports application security and protocol conformance, which
enforce the sanity of the SIP messages, as well as detect SIP-based attacks.
SIP inspection is enabled by default. You need to configure it only if you want non-default processing,
or if you want to identify a TLS proxy to enable encrypted traffic inspection. The following topics
explain SIP inspection in more detail.
SIP Inspection Overview, page 14-23
Limitations for SIP Inspection, page 14-23
Default SIP Inspection, page 14-24
Configure SIP Inspection, page 14-24
Configure SIP Timeout Values, page 14-29
Verifying and Monitoring SIP Inspection, page 14-29

Cisco ASA Series Firewall CLI Configuration Guide, Chapter 14: Inspection for Voice and Video Protocols, page 14-22
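The service-policy rules in Step 5 above (only one global policy, one policy map per interface) can be checked on a candidate configuration before it is pushed. The following Python script is an added example, not part of the Cisco guide: it reports which inspections each applied policy map carries and flags conflicting or undefined service-policy lines. The configuration text is constructed, and voice_policy, voice_class and the interface name outside are made-up names.

```python
import re

# Constructed candidate config (not from the guide). voice_policy, voice_class
# and the interface name "outside" are made-up names for this example.
SAMPLE_CONFIG = """\
policy-map type inspect rtsp rtsp-map
 parameters
policy-map global_policy
 class inspection_default
  inspect rtsp rtsp-map
  inspect sip
policy-map voice_policy
 class voice_class
  inspect sip
service-policy global_policy global
service-policy voice_policy interface outside
service-policy global_policy interface outside
"""

def parse_policy_maps(config):
    """Return {policy_map: {protocol: inspection_map or None}} for service policy maps."""
    maps, current = {}, None
    for line in config.splitlines():
        top = re.match(r"policy-map (\S+)$", line)
        insp = re.match(r"\s+inspect (\S+)(?: (\S+))?", line)
        if top:
            current = maps.setdefault(top.group(1), {})
        elif insp and current is not None:
            current[insp.group(1)] = insp.group(2)
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the policy map
    return maps

def audit(config):
    """Return (bindings, problems) for the service-policy lines in config."""
    maps, bindings, problems = parse_policy_maps(config), {}, []
    pattern = r"^service-policy (\S+) (?:(global)\b|interface (\S+))"
    for name, is_global, iface in re.findall(pattern, config, re.M):
        target = "global" if is_global else f"interface {iface}"
        if target in bindings:  # second policy on the same target
            problems.append(f"{target}: {name} conflicts with {bindings[target]['policy']}")
            continue
        if name not in maps:
            problems.append(f"{target}: policy map {name} is not defined")
        bindings[target] = {"policy": name, "inspect": maps.get(name, {})}
    return bindings, problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An inspection whose value is None, such as sip in the sample, runs without an inspection policy map, that is, with default processing.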
