Cisco Systems ASA 5580 Webcam User Manual


 
12-23
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 12 Configuring Inspection for Voice and Video Protocols
SIP Inspection
The Select SIP Map dialog box lets you select or create a new SIP map. A SIP map lets you change the
configuration values used for SIP application inspection. The Select SIP Map table provides a list of
previously configured maps that you can select for application inspection.
Fields
Use the default SIP inspection map—Specifies to use the default SIP map.
Select a SIP map for fine control over inspectionLets you select a defined application inspection
map or add a new one.
Add—Opens the Add Policy Map dialog box for the inspection.
Enable encrypted traffic inspection check box—Select to enable the radio buttons to select a proxy
type.
Proxy Type
TLS Proxy radio button—Use TLS Proxy to enable inspection of encrypted traffic.
Phone Proxy radio button—Specifies to associate the Phone Proxy with the TLS Proxy that you
select from the TLS Proxy Name field.
Configure button—Opens the Configure the Phone Proxy dialog box so that you can specify or
edit Phone Proxy configuration settings.
UC-IME Proxy ratio button—Specifies to associate the UC-IME Proxy (Cisco Intercompany
Media Engine proxy) with the TLS Proxy that you select from the TLS Proxy Name field.
Configure button—Opens the Configure the UC-IME Proxy dialog box so that you can specify
or edit UC-IME Proxy configuration settings.
TLS Proxy Name:—Name of existing TLS Proxy.
Manage—Opens the Add TLS Proxy dialog box to add a TLS Proxy.
Only one TLS proxy can be assigned to the Phone Proxy or UC-IME Proxy at a time. If you configure
more than one service policy rule for Phone Proxy or UC-IME Proxy inspection and attempt to assign a
different TLS proxy to them, ASDM displays a warning that all other service policy rules with Phone
Proxy or UC-IME inspection will be changed to use the latest selected TLS proxy.
The UC-IME Proxy configuration requires two TLS proxies – one for outbound traffic and one for
inbound. Rather than associating the TLS proxies directly with the UC-IME Proxy, as is the case with
phone proxy, the TLS proxies are associated with it indirectly via SIP inspection rules.
You associate a TLS proxy with the Phone Proxy while defining a SIP inspection action . ASDM will
convert the association to the existing phone proxy.
SIP Class Map
Configuration > Global Objects > Class Maps > SIP
The SIP Class Map pane lets you configure SIP class maps for SIP inspection.
An inspection class map matches application traffic with criteria specific to the application. You then
identify the class map in the inspect map and enable actions. The difference between creating a class
map and defining the traffic match directly in the inspect map is that you can create more complex match
criteria and you can reuse class maps. The applications that support inspection class maps are DNS, FTP,
H.323, HTTP, IM, and SIP.