Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 48 Configuring Inspection for Voice and Video Protocols
SIP Inspection
This section describes SIP application inspection. This section includes the following topics:
SIP Inspection Overview, page 48-24
SIP Instant Messaging, page 48-25
Select SIP Map, page 48-26
SIP Class Map, page 48-27
Add/Edit SIP Traffic Class Map, page 48-27
Add/Edit SIP Match Criterion, page 48-28
SIP Inspect Map, page 48-30
Add/Edit SIP Policy Map (Security Level), page 48-31
Add/Edit SIP Policy Map (Details), page 48-33
Add/Edit SIP Inspect, page 48-34
SIP Inspection Overview
SIP, as defined by the IETF, enables call handling sessions, particularly two-party audio conferences, or
“calls.” SIP works with SDP for call signaling. SDP specifies the ports for the media stream. Using SIP,
the ASA can support any SIP VoIP gateways and VoIP proxy servers. SIP and SDP are defined in the
following RFCs:
SIP: Session Initiation Protocol, RFC 3261
SDP: Session Description Protocol, RFC 2327
To support SIP calls through the ASA, signaling messages for the media connection addresses, media
ports, and embryonic connections for the media must be inspected, because while the signaling is sent
over a well-known destination port (UDP/TCP 5060), the media streams are dynamically allocated.
Also, SIP embeds IP addresses in the user-data portion of the IP packet. SIP inspection applies NAT for
these embedded IP addresses.
The following limitations and restrictions apply when using PAT with SIP:
• If a remote endpoint tries to register with a SIP proxy on a network protected by the ASA, the
  registration fails under very specific conditions, as follows:
  - PAT is configured for the remote endpoint.
  - The SIP registrar server is on the outside network.
  - The port is missing in the contact field in the REGISTER message sent by the endpoint to the
    proxy server.
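The fields that SIP inspection has to read, shown as an added example that is not part of the Cisco guide: Python code that extracts the Contact host and port and the SDP media address and ports from constructed sample messages, and flags a REGISTER whose Contact carries no port, the third PAT condition above. The function names and sample addresses are assumptions, and the SDP handling assumes a single session-level c= line placed before the m= lines.

```python
import re

# Constructed sample messages (not captured traffic). 10.1.1.20 stands for an
# inside endpoint; the REGISTER's Contact URI deliberately omits the port.
REGISTER = ("REGISTER sip:registrar.example.com SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 10.1.1.20:5060;branch=z9hG4bK74bf9\r\n"
            "CSeq: 1 REGISTER\r\n"
            "Contact: <sip:alice@10.1.1.20>\r\n"
            "Content-Length: 0\r\n\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.1.1.20:5060;branch=z9hG4bK776as\r\n"
          "Contact: <sip:alice@10.1.1.20:5060>\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\no=alice 2890844526 2890844526 IN IP4 10.1.1.20\r\ns=-\r\n"
          "c=IN IP4 10.1.1.20\r\nt=0 0\r\n"
          "m=audio 49170 RTP/AVP 0\r\nm=video 51372 RTP/AVP 31\r\n")

URI_RE = re.compile(r"sips?:(?:[^@>\s;]+@)?([^:;>\s]+)(?::(\d+))?")

def parse_sip(raw):
    """Split a SIP message into (method, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split()[0], headers, body

def contact_endpoint(headers):
    """Return (host, port) from the Contact URI; port is None when omitted."""
    m = URI_RE.search(headers.get("contact", ""))
    return (m.group(1), int(m.group(2)) if m.group(2) else None) if m else None

def sdp_media(body):
    """Return [(media, address, port)] from the SDP c= and m= lines."""
    addr, streams = None, []
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            addr = line.split()[2]
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            streams.append((media, addr, int(port)))
    return streams

def pat_register_risk(raw):
    """True for a REGISTER whose Contact has no port (third condition above)."""
    method, headers, _ = parse_sip(raw)
    ep = contact_endpoint(headers)
    return method == "REGISTER" and ep is not None and ep[1] is None
```

The (address, port) pairs returned by sdp_media are the dynamically allocated media endpoints that the signaling on port 5060 announces, and the Contact host is one of the embedded addresses that NAT has to rewrite.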
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple
                                   Context    System
•         •              •         •