Cisco ASA 5505 Configuration Manual page 876

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

SIP Inspection

SIP is a widely used protocol for Internet conferencing, telephony, presence, events notification, and

instant messaging. Partially because of its text-based nature and partially because of its flexibility, SIP

networks are subject to a large number of security threats.

SIP application inspection provides address translation in message header and body, dynamic opening

of ports and basic sanity checks. It also supports application security and protocol conformance, which

enforce the sanity of the SIP messages, as well as detect SIP-based attacks.

SIP Inspect Maps—Table that lists the defined SIP inspect maps.

Add—Configures a new SIP inspect map. To edit a SIP inspect map, choose the SIP entry in the SIP

Inspect Maps table and click Customize.

Delete—Deletes the inspect map selected in the SIP Inspect Maps table.

Security Level—Select the security level (high or low).

Cisco ASA 5500 Series Configuration Guide using ASDM

Low—Default.

SIP instant messaging (IM) extensions: Enabled.

Non-SIP traffic on SIP port: Permitted.

Hide server's and endpoint's IP addresses: Disabled.

Mask software version and non-SIP URIs: Disabled.

Ensure that the number of hops to destination is greater than 0: Enabled.

RTP conformance: Not enforced.

SIP conformance: Do not perform state checking and header validation.

SIP instant messaging (IM) extensions: Enabled.

Non-SIP traffic on SIP port: Permitted.

Hide server's and endpoint's IP addresses: Disabled.

Mask software version and non-SIP URIs: Disabled.

Ensure that the number of hops to destination is greater than 0: Enabled.

RTP conformance: Enforced.

Limit payload to audio or video, based on the signaling exchange: No

SIP conformance: Drop packets that fail state checking.

SIP instant messaging (IM) extensions: Enabled.

Non-SIP traffic on SIP port: Denied.

Hide server's and endpoint's IP addresses: Disabled.

Mask software version and non-SIP URIs: Enabled.

Ensure that the number of hops to destination is greater than 0: Enabled.

RTP conformance: Enforced.

Limit payload to audio or video, based on the signaling exchange: Yes

SIP conformance: Drop packets that fail state checking and packets that fail header validation.

Customize—Opens the Add/Edit SIP Policy Map dialog box for additional settings.

Configuring Inspection for Voice and Video Protocols

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 876

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents