Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
RTSP Inspection
RTSP Inspection Overview
The RTSP inspection engine lets the security appliance pass RTSP packets. RTSP is used by RealAudio,
RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections.
Note For Cisco IP/TV, use RTSP TCP port 554 and TCP 8554.
RTSP applications use the well-known port 554 with TCP (rarely UDP) as a control channel. The
security appliance only supports TCP, in conformity with RFC 2326. This TCP control channel is used
to negotiate the data channels that are used to transmit audio/video traffic, depending on the transport
mode that is configured on the client.
The supported RDT transports are: rtp/avp, rtp/avp/udp, x-real-rdt, x-real-rdt/udp, and x-pn-tng/udp.
The security appliance parses Setup response messages with a status code of 200. If the response
message is travelling inbound, the server is outside relative to the security appliance and dynamic
channels need to be opened for connections coming inbound from the server. If the response message is
outbound, then the security appliance does not need to open dynamic channels.
Because RFC 2326 does not require the client and server ports to be present in the SETUP response
message, the security appliance keeps state and remembers the client ports from the SETUP message.
QuickTime, for example, places the client ports in the SETUP message, and the server then responds with
only the server ports.
RTSP inspection does not support PAT or dual-NAT. Also, the security appliance cannot recognize HTTP
cloaking where RTSP messages are hidden in the HTTP messages.
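The following Python example is added here to make the stateful behavior described above concrete; it is not Cisco code and is not taken from this guide. It models the inspection engine's bookkeeping: it remembers client_port from the SETUP request (since the 200 response may carry only server_port, as QuickTime does), parses only 200 SETUP responses, accepts only the transports listed above, and reports the dynamic channels that would be opened only when the response travels inbound. The RTSP messages are constructed samples.

```python
import re

# Transports the inspection engine supports (see the list above), lowercased.
SUPPORTED_TRANSPORTS = {"rtp/avp", "rtp/avp/udp", "x-real-rdt", "x-real-rdt/udp", "x-pn-tng/udp"}

def parse_rtsp(msg):
    """Split an RTSP message into its start line and a lowercase-keyed header dict."""
    head = msg.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def parse_transport(value):
    """Parse a Transport header (spec;param=val;...) into spec plus any port ranges."""
    parts = [p.strip() for p in value.split(";")]
    out = {"spec": parts[0].lower()}
    for p in parts[1:]:
        m = re.fullmatch(r"(client_port|server_port)=(\d+)(?:-(\d+))?", p)
        if m:
            out[m.group(1)] = (int(m.group(2)), int(m.group(3) or m.group(2)))
    return out

def rtsp_setup_pinholes(setup_request, setup_response, response_inbound):
    """Return (client_port, server_port) pairs needing a dynamic channel, or [] if none."""
    req_line, req_hdrs = parse_rtsp(setup_request)
    if not req_line.upper().startswith("SETUP "):
        return []
    # State kept from the request: the response is allowed to omit client_port.
    client = parse_transport(req_hdrs.get("transport", "")).get("client_port")
    resp_line, resp_hdrs = parse_rtsp(setup_response)
    status = resp_line.split()
    if len(status) < 2 or status[1] != "200":
        return []  # only SETUP responses with status 200 are parsed
    if not response_inbound or req_hdrs.get("cseq") != resp_hdrs.get("cseq"):
        return []  # server inside (outbound response) or response does not match request
    t = parse_transport(resp_hdrs.get("transport", ""))
    if t["spec"] not in SUPPORTED_TRANSPORTS:
        return []
    client = t.get("client_port", client)  # prefer ports echoed in the response
    server = t.get("server_port")
    if client is None or server is None:
        return []
    return list(zip(range(client[0], client[1] + 1), range(server[0], server[1] + 1)))

# Constructed sample exchange: client ports only in the request, server ports only in the response.
SETUP_REQ = ("SETUP rtsp://media.example.test/movie/trackID=1 RTSP/1.0\r\nCSeq: 3\r\n"
             "Transport: RTP/AVP;unicast;client_port=4588-4589\r\n\r\n")
SETUP_RESP = ("RTSP/1.0 200 OK\r\nCSeq: 3\r\nSession: 12345678\r\n"
              "Transport: RTP/AVP;unicast;server_port=6970-6971\r\n\r\n")
```

Calling `rtsp_setup_pinholes(SETUP_REQ, SETUP_RESP, True)` yields the RTP and RTCP channel pairs, while the same exchange with `response_inbound=False` yields none, matching the rule that outbound responses need no dynamic channels.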
Using RealPlayer
When using RealPlayer, it is important to properly configure transport mode. For the security appliance,
add an Access Rule from the server to the client or vice versa. For RealPlayer, change transport mode
by clicking Options>Preferences>Transport>RTSP Settings.
If using TCP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
TCP for all content check boxes. On the security appliance, there is no need to configure the inspection
engine.
If using UDP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
UDP for static content check boxes, and do the same for live content not available via Multicast. On the
security appliance, add an inspect rtsp port command.
Restrictions and Limitations
The following restrictions apply to RTSP inspection:
The security appliance does not support multicast RTSP or RTSP messages over UDP.
PAT is not supported.
The security appliance does not have the ability to recognize HTTP cloaking where RTSP messages
are hidden in the HTTP messages.
The security appliance cannot perform NAT on RTSP messages because the embedded IP addresses
are contained in the SDP files carried as part of HTTP or RTSP messages. Packets could be fragmented, and
the security appliance cannot perform NAT on fragmented packets.