Cisco 4700M Configuration Manual page 144

Application Protocol Inspection Overview
•
•
•
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-20
Enables or disables Instant Messenger (IM):
Allows you to disable IM over SIP, which causes the ACE to drop all
–
messages belonging to IM as specified by SIMPLE RFC extensions. An
appropriate warning message is displayed to call out the exact methods
that this feature drops.
You can specify a list of users (in the form of a regex) that are not allowed
–
to use IM through the ACE appliance.
Allows you to configure which SIP methods that the ACE supports. You can
also specify if additional SIP methods (that are not part of the RFCs or RFC
extensions that the ACE is compliant with) should be denied. The ACE
maintains the list of invalid methods as a regex table.
Enables you to hide or remove risky header fields (for example, Alert-Info
and Call-Info) that, if provided by a malicious caller, may cause the callee to
display inappropriate, offensive, dangerous, or illegal content.
Allows you to enable IP address privacy. If both the caller and the callee are
on the inside network and on the same subnet, and the proxy is on the outside
network, there is a possibility that the two parties may try to contact each
other by bypassing the proxy. If enabled, this feature prevents such direct
contact because the embedded addresses in the message from the proxy to the
callee are not fixed. Therefore, the callee cannot learn the real IP address of
the caller.
Chapter 3 Configuring Application Protocol Inspection
OL-16202-01