Cisco 4700M Configuration Manual page 204

Configuring a Layer 7 SIP Inspection Policy
•
•
•
•
For example, to configure the ACE to drop SIP packets that have content with a
length greater than 4000 bytes in length, enter:
host1/Admin(config)# class-map type sip inspect match-all
SIP_INSP_CLASS
host1/Admin(config-cmap-sip-insp)# match content length gt 200
host1/Admin(config)# policy-map type inspect sip all-match
SIP_INSP_POLICY
host1/Admin(config-pmap-ins-sip)# class SIP_INSP_CLASS
host1/Admin(config-pmap-ins-sip-c)# deny
To remove the match statement from the class map, enter:
host1/Admin(config-cmap-sip-insp)# no match content length gt 200
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-80
number—Maximum size of a SIP message body that the ACE allows. Enter
an integer from 0 to 65534 bytes. If the message body is greater than the
configured value, the ACE performs the action that you configure in the
policy map.
type—Specifies a content type check.
sdp—Specifies that the traffic must be of type Session Description Protocol
(SDP) to match the class map.
expression—Regular expression that identifies the content type in the SIP
message body that is required to match the class map. Enter a regular
expression from 1 to 255 alphanumeric characters. The ACE supports the use
of regular expressions for matching. See
characters that you can use in regular expressions.
When matching data strings, note that the period (.) and question
Note
mark (?) characters do not have a literal meaning in regular
expressions. Use brackets ([]) to match these symbols (for example,
enter www[.]xyz[.]com instead of www.xyz.com). You can also use a
backslash (\) to escape a dot (.) or a question mark (?).
Chapter 3 Configuring Application Protocol Inspection
Table 3-5 for a list of the supported
OL-16202-01