Cisco Systems ASA 5525-X Network Router User Manual


  Open as PDF
of 2086
 
48-20
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 48 Configuring Inspection for Voice and Video Protocols
RTSP Inspection
RTSP Inspection Overview, page 48-20
Using RealPlayer, page 48-20
Restrictions and Limitations, page 48-21
Select RTSP Map, page 48-21
RTSP Inspect Map, page 48-21
Add/Edit RTSP Policy Map, page 48-22
Add/Edit RTSP Inspect, page 48-23
RTSP Inspection Overview
The RTSP inspection engine lets the ASA pass RTSP packets. RTSP is used by RealAudio,
RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections.
Note For Cisco IP/TV, use RTSP TCP port 554 and TCP 8554.
RTSP applications use the well-known port 554 with TCP (rarely UDP) as a control channel. The ASA
only supports TCP, in conformity with RFC 2326. This TCP control channel is used to negotiate the data
channels that is used to transmit audio/video traffic, depending on the transport mode that is configured
on the client.
The supported RDT transports are: rtp/avp, rtp/avp/udp, x-real-rdt, x-real-rdt/udp, and x-pn-tng/udp.
The ASA parses Setup response messages with a status code of 200. If the response message is travelling
inbound, the server is outside relative to the ASA and dynamic channels need to be opened for
connections coming inbound from the server. If the response message is outbound, then the ASA does
not need to open dynamic channels.
Because RFC 2326 does not require that the client and server ports must be in the SETUP response
message, the ASA keeps state and remembers the client ports in the SETUP message. QuickTime places
the client ports in the SETUP message and then the server responds with only the server ports.
RTSP inspection does not support PAT or dual-NAT. Also, the ASA cannot recognize HTTP cloaking
where RTSP messages are hidden in the HTTP messages.
Using RealPlayer
When using RealPlayer, it is important to properly configure transport mode. For the ASA, add an
access-list command from the server to the client or vice versa. For RealPlayer, change transport mode
by clicking Options>Preferences>Transport>RTSP Settings.
If using TCP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
TCP for all content check boxes. On the ASA, there is no need to configure the inspection engine.
If using UDP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
UDP for static content check boxes, and for live content not available via Multicast. On the ASA, add
an inspect rtsp port command.