Support User Manuals

Cisco Systems ASA 5505 Webcam User Manual

Open as PDF

of 754

12-29

Cisco ASA Series Firewall ASDM Configuration Guide

Chapter 12 Configuring Inspection for Voice and Video Protocols

SIP Inspection

• Description—Enter the description of the SIP map, up to 200 characters in length.

• Security Level—Shows the security level settings to configure

• Filtering—Tab that lets you configure the filtering settings for SIP.

–

Enable SIP instant messaging (IM) extensions—Enables Instant Messaging extensions. Default

is enabled.

–

Permit non-SIP traffic on SIP port—Permits non-SIP traffic on SIP port. Permitted by default.

• IP Address Privacy—Tab that lets you configure the IP address privacy settings for SIP.

–

Hide server’s and endpoint’s IP addresses—Enables IP address privacy. Disabled by default.

• Hop Count—Tab that lets you configure the hop count settings for SIP.

–

Ensure that number of hops to destination is greater than 0—Enables check for the value of

Max-Forwards header is zero.

Action—Drop packet, Drop Connection, Reset, Log.

Log—Enable or Disable.

• RTP Conformance—Tab that lets you configure the RTP conformance settings for SIP.

–

Check RTP packets for protocol conformance—Checks RTP/RTCP packets flowing on the

pinholes for protocol conformance.

Limit payload to audio or video, based on the signaling exchange—Enforces payload type to be

audio/video based on the signaling exchange.

• SIP Conformance—Tab that lets you configure the SIP conformance settings for SIP.

–

Enable state transition checking—Enables SIP state checking.

Action—Drop packet, Drop Connection, Reset, Log.

Log—Enable or Disable.

–

Enable strict validation of header fields—Enables validation of SIP header fields.

Action—Drop packet, Drop Connection, Reset, Log.

Log—Enable or Disable.

• Field Masking—Tab that lets you configure the field masking settings for SIP.

–

Inspect non-SIP URIs—Enables non-SIP URI inspection in Alert-Info and Call-Info headers.

Action—Mask or Log.

Log—Enable or Disable.

–

Inspect server’s and endpoint’s software version—Inspects SIP endpoint software version in

User-Agent and Server headers.

Action—Mask or Log.

Log—Enable or Disable.

• Inspections—Tab that shows you the SIP inspection configuration and lets you add or edit.

–

Match Type—Shows the match type, which can be a positive or negative match.

–

Criterion—Shows the criterion of the SIP inspection.

–

Value—Shows the value to match in the SIP inspection.

–

Action—Shows the action if the match condition is met.

–

Log—Shows the log state.

previous next