48-31
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 48 Configuring Inspection for Voice and Video Protocols
SIP Inspection
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Not enforced.
SIP conformance: Do not perform state checking and header validation.
–
Medium
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: No
SIP conformance: Drop packets that fail state checking.
–
High
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Denied.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Enabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: Yes
SIP conformance: Drop packets that fail state checking and packets that fail header validation.
–
Customize—Opens the Add/Edit SIP Policy Map dialog box for additional settings.
–
Default Level—Sets the security level back to the default level of Low.
Modes
The following table shows the modes in which this feature is available:
Add/Edit SIP Policy Map (Security Level)
Configuration > Global Objects > Inspect Maps > SIP > SIP Inspect Map > Basic View
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
