Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 SIP Inspect Map

48-30

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter48 Configuring Inspection for Voice and Video Protocols

SIP Inspection

–

Request Method—Specifies a request method: ack, bye, cancel, info, invite, message, notify,

options, prack, refer, register, subscribe, unknown, update.

•Third-Party Registration Criterion Values—Specifies to match the requester of a third-party

registration. Applies the regular expression match.

–

Regular Expression—Lists the defined regular expressions to match.

–

Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular

expressions.

–

Regular Expression Class—Lists the defined regular expression classes to match.

–

Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure

regular expression class maps.

•URI Length Criterion Values—Specifies to match a URI of a selected type and greater than the

specified length in the SIP headers.

–

URI type—Specifies to match either SIP URI or TEL URI.

–

Greater Than Length—Length in bytes.

Modes

The following table shows the modes in which this feature is available:

SIP Inspect Map

Configuration> Global Objects > Inspect Maps > SIP

The SIP pane lets you view previously configured SIP application inspection maps. A SIP map lets you

change the default configuration values used for SIP application inspection.

SIP is a widely used protocol for Internet conferencing, telephony, presence, events notification, and

instant messaging. Partially because of its text-based nature and partially because of its flexibility, SIP

networks are subject to a large number of security threats.

SIP application inspection provides address translation in message header and body, dynamic opening

of ports and basic sanity checks. It also supports application security and protocol conformance, which

enforce the sanity of the SIP messages, as well as detect SIP-based attacks.

Fields

•SIP Inspect Maps—Table that lists the defined SIP inspect maps.

•Add—Configures a new SIP inspect map. To edit a SIP inspect map, choose the SIP entry in the SIP

Inspect Maps table and click Customize.

•Delete—Deletes the inspect map selected in the SIP Inspect Maps table.

•Security Level—Select the security level (high or low).

–

Low—Default.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

••••—

Cisco Systems SIP Inspect Map

Models: ASA 5510 ASA 5512-X ASA 5515-X ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X ASA 5580 ASA 5585-X ASA 5505