Cisco ASA 5506-X Configuration Manual page 222
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
SIP Inspection
To edit the default policy, or to use the special inspection_default class map in a new policy, specify
inspection_default for the name. Otherwise, you are specifying the class you created earlier in this
procedure.
Configure SIP inspection.
Step 4
inspect sip [sip_policy_map] [tls-proxy proxy_name]
Where:
•
•
Example:
hostname(config-class)# no inspect sip
hostname(config-class)# inspect sip sip-map
Note
Step 5
If you are editing an existing service policy (such as the default global policy called global_policy), you
are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Configure SIP Timeout Values
The media connections are torn down within two minutes after the connection becomes idle. This is,
however, a configurable timeout and can be set for a shorter or longer period of time.
You can configure several SIP global timeout values on the Configuration > Firewall > Advanced >
Global Timeouts page.
To configure the timeout for the SIP control connection, enter the following command:
hostname(config)# timeout sip hh:mm:ss
This command configures the idle timeout after which a SIP control connection is closed.
To configure the timeout for the SIP media connection, enter the following command:
hostname(config)# timeout sip_media hh:mm:ss
This command configures the idle timeout after which a SIP media connection is closed.
Cisco ASA Series Firewall CLI Configuration Guide
8-30
sip_policy_map is the optional SIP inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the SIP inspection policy map, see
Configure SIP Inspection Policy Map, page
tls-proxy proxy_name identifies the TLS proxy to use for this inspection. You need a TLS proxy
only if you want to enable inspection of encrypted traffic.
If you are editing the default global policy (or any in-use policy) to use a different SIP inspection
policy map, you must remove the SIP inspection with the no inspect sip command, and then
re-add it with the new SIP inspection policy map name.
Chapter 8
Inspection for Voice and Video Protocols
8-25.
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
