SIP Inspection, SIP Inspection Overview, SIP Instant Messaging – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 44 Configuring Inspection for Voice and Video Protocols

SIP Inspection

This section describes SIP application inspection. This section includes the following topics:

SIP Inspection Overview, page 44-19

SIP Instant Messaging, page 44-19

Configuring a SIP Inspection Policy Map for Additional Inspection Control, page 44-20

Configuring SIP Timeout Values, page 44-24

Verifying and Monitoring SIP Inspection, page 44-24

SIP Inspection Overview

SIP, as defined by the IETF, enables call handling sessions, particularly two-party audio conferences, or
“calls.” SIP works with SDP for call signaling. SDP specifies the ports for the media stream. Using SIP,
the ASA can support any SIP VoIP gateways and VoIP proxy servers. SIP and SDP are defined in the
following RFCs:

SIP: Session Initiation Protocol, RFC 3261

SDP: Session Description Protocol, RFC 2327

To support SIP calls through the ASA, signaling messages for the media connection addresses, media
ports, and embryonic connections for the media must be inspected, because while the signaling is sent
over a well-known destination port (UDP/TCP 5060), the media streams are dynamically allocated.
Also, SIP embeds IP addresses in the user-data portion of the IP packet. SIP inspection applies NAT for
these embedded IP addresses.

The following limitations and restrictions apply when using PAT with SIP:

If a remote endpoint tries to register with a SIP proxy on a network protected by the ASA, the
registration fails under very specific conditions, as follows:

PAT is configured for the remote endpoint.

The SIP registrar server is on the outside network.

The port is missing in the contact field in the REGISTER message sent by the endpoint to the
proxy server.

Configuring static PAT is not supported with SIP inspection. If static PAT is configured for the
Cisco Unified Communications Manager, SIP inspection cannot rewrite the SIP packet.
Configure one-to-one static NAT for the Cisco Unified Communications Manager.

If a SIP device transmits a packet in which the SDP portion has an IP address in the owner/creator
field (o=) that is different from the IP address in the connection field (c=), the IP address in the o=
field may not be properly translated. This is due to a limitation in the SIP protocol, which does not
provide a port value in the o= field.
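
Two of the conditions above can be checked in captured signaling before a device is placed behind PAT. The following Python sketch is an added example, not part of the Cisco guide. It flags a REGISTER whose Contact URI has no port and an SDP body whose o= address differs from its c= address. The function names and both sample messages are constructed for illustration, and folded header lines are not handled.

```python
import re

# Constructed sample messages (documentation addresses); not captured traffic.
REGISTER_SAMPLE = (
    "REGISTER sip:registrar.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed1\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:alice@192.0.2.10>\r\n"
    "Content-Length: 0\r\n\r\n")
INVITE_SAMPLE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Contact: <sip:alice@192.0.2.10:5060>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 192.0.2.99\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")

# Contact header (or its compact form "m") and the host[:port] part of a SIP URI.
CONTACT_RE = re.compile(r"^(?:Contact|m)\s*:\s*(.*)$", re.I | re.M)
URI_RE = re.compile(r"sips?:(?:[^@>;\s]+@)?(\[[^\]]+\]|[^:;>\s]+)(?::(\d+))?", re.I)

def split_message(raw):
    """Split a SIP message into (headers, body) at the first blank line."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head, body

def contact_missing_port(raw):
    """True if the message is a REGISTER with a Contact URI that has no port."""
    head, _ = split_message(raw)
    if not head.upper().startswith("REGISTER "):
        return False
    return any(not port for value in CONTACT_RE.findall(head)
               for _host, port in URI_RE.findall(value))

def sdp_origin_mismatch(raw):
    """Return (o_addr, c_addr) if the SDP o= and first c= addresses differ, else None."""
    _, body = split_message(raw)
    o_addr = c_addr = None
    for line in body.splitlines():
        fields = line[2:].split()
        if line.startswith("o=") and len(fields) == 6:
            o_addr = fields[5]                    # o=<user> <id> <ver> IN IP4 <addr>
        elif line.startswith("c=") and len(fields) == 3 and c_addr is None:
            c_addr = fields[2].split("/")[0]      # drop any /ttl suffix
    if o_addr and c_addr and o_addr != c_addr:
        return (o_addr, c_addr)
    return None

if __name__ == "__main__":
    for name, msg in (("REGISTER", REGISTER_SAMPLE), ("INVITE", INVITE_SAMPLE)):
        print(name, contact_missing_port(msg), sdp_origin_mismatch(msg))
```
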

SIP Instant Messaging

Instant Messaging refers to the transfer of messages between users in near real-time. SIP supports the
Chat feature on Windows XP using Windows Messenger RTC Client version 4.7.0105 only. The
MESSAGE/INFO methods and 202 Accept response are used to support IM as defined in the following
RFCs:
