SIP Inspection
You can specify multiple class or match commands in the policy map. For information about the order
of class and match commands, see the
page
Step 7
To configure parameters that affect the inspection engine, perform the following steps:
a.
b.
c.
The following example shows a how to define an RTSP inspection policy map.
hostname(config)# regex badurl1 www.url1.com/rtsp.avi
hostname(config)# regex badurl2 www.url2.com/rtsp.rm
hostname(config)# regex badurl3 www.url3.com/rtsp.asp
hostname(config)# class-map type regex match-any badurl-list
hostname(config-cmap)# match regex badurl1
hostname(config-cmap)# match regex badurl2
hostname(config-cmap)# match regex badurl3
hostname(config)# policy-map type inspect rtsp rtsp-filter-map
hostname(config-pmap)# match url-filter regex class badurl-list
hostname(config-pmap-p)# drop-connection
hostname(config)# class-map rtsp-traffic-class
hostname(config-cmap)# match default-inspection-traffic
hostname(config)# policy-map rtsp-traffic-policy
hostname(config-pmap)# class rtsp-traffic-class
hostname(config-pmap-c)# inspect rtsp rtsp-filter-map
hostname(config)# service-policy rtsp-traffic-policy global
SIP Inspection
This section describes SIP application inspection. This section includes the following topics:
•
•
•
•
Cisco ASA Series CLI Configuration Guide
1-18
The log keyword, which you can use alone or with one of the other keywords, sends a system log
message.
The rate-limit message_rate argument limits the rate of messages.
1-4.
To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
To restrict usage on reserve port for media negotiation, enter the following command:
hostname(config-pmap-p)# reserve-port-protect
To set the limit on the URL length allowed in the message, enter the following command:
hostname(config-pmap-p)# url-length-limit length
Where the length argument specifies the URL length in bytes (0 to 6000).
SIP Inspection Overview, page 1-19
SIP Instant Messaging, page 1-19
Configuring a SIP Inspection Policy Map for Additional Inspection Control, page 1-20
Configuring SIP Timeout Values, page 1-24
Chapter 1
Configuring Inspection for Voice and Video Protocols
"Defining Actions in an Inspection Policy Map" section on