Filter
Top Products
11-21
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Configuring Inspection for Voice and Video Protocols
SIP Inspection
Where the class_map_name is the name of the class map. The match-all keyword is the default, and
specifies that traffic must match all criteria to match the class map. The match-any keyword
specifies that the traffic matches the class map if it matches at leX( The CLI enters class-map
configuration mode, where you can enter one or more match commands.
b. (Optional) To add a description to the class map, enter the following command:
ciscoasa(config-cmap)# description string
Where string is the description of the class map (up to 200 characters).
c. (Optional) To match a called party, as specified in the To header, enter the following command:
ciscoasa(config-cmap)# match [not] called-party regex {class class_name | regex_name}
Where the regex regex_name argument is the regular expression you created in Step 1. The class
regex_class_name is the regular expression class map you created in Step 2.
d. (Optional) To match a calling party, as specified in the From header, enter the following command:
ciscoasa(config-cmap)# match [not] calling-party regex {class class_name | regex_name}
Where the regex regex_name argument is the regular expression you created in Step 1. The class
regex_class_name is the regular expression class map you created in Step 2.
e. (Optional) To match a content length in the SIP header, enter the following command:
ciscoasa(config-cmap)# match [not] content length gt length
Where length is the number of bytes the content length is greater than. 0 to 65536.
f. (Optional) To match an SDP content type or regular expression, enter the following command:
ciscoasa(config-cmap)# match [not] content type {sdp | regex {class class_name |
regex_name}}
Where the regex regex_name argument is the regular expression you created in Step 1. The class
regex_class_name is the regular expression class map you created in Step 2.
g. (Optional) To match a SIP IM subscriber, enter the following command:
ciscoasa(config-cmap)# match [not] im-subscriber regex {class class_name | regex_name}
Where the regex regex_name argument is the regular expression you created in Step 1. The class
regex_class_name is the regular expression class map you created in Step 2.
h. (Optional) To match a SIP via header, enter the following command:
ciscoasa(config-cmap)# match [not] message-path regex {class class_name | regex_name}
Where the regex regex_name argument is the regular expression you created in Step 1. The class
regex_class_name is the regular expression class map you created in Step 2.
i. (Optional) To match a SIP request method, enter the following command:
ciscoasa(config-cmap)# match [not] request-method method
Where method is the type of method to match (ack, bye, cancel, info, invite, message, notify,
options, prack, refer, register, subscribe, unknown, update).
j. (Optional) To match the requester of a third-party registration, enter the following command:
ciscoasa(config-cmap)# match [not] third-party-registration regex {class class_name |
regex_name}