12-28
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 12 Configuring Inspection for Voice and Video Protocols
SIP Inspection
–
Low—Default.
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Not enforced.
SIP conformance: Do not perform state checking and header validation.
–
Medium
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: No
SIP conformance: Drop packets that fail state checking.
–
High
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Denied.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Enabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: Yes
SIP conformance: Drop packets that fail state checking and packets that fail header validation.
–
Default Level—Sets the security level back to the default.
• Details—Shows additional filtering, IP address privacy, hop count, RTP conformance, SIP
conformance, field masking, and inspections settings to configure.
Add/Edit SIP Policy Map (Details)
Configuration > Global Objects > Inspect Maps > SIP > SIP Inspect Map > Advanced View
The Add/Edit SIP Policy Map pane lets you configure the security level and additional settings for SIP
application inspection maps.
Fields
• Name—When adding a SIP, enter the name of the SIP map. When editing a SIP map, the name of
the previously configured SIP map is shown.