SIP inspection, SIP inspection overview, SIP instant messaging – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 44 Configuring Inspection for Voice and Video Protocols
SIP Inspection
This section describes SIP application inspection. This section includes the following topics:
• SIP Inspection Overview
• SIP Instant Messaging
• Configuring a SIP Inspection Policy Map for Additional Inspection Control
• Configuring SIP Timeout Values
• Verifying and Monitoring SIP Inspection
SIP Inspection Overview
SIP, as defined by the IETF, enables call handling sessions, particularly two-party audio conferences, or 
“calls.” SIP works with SDP for call signaling. SDP specifies the ports for the media stream. Using SIP,
the ASA can support any SIP VoIP gateways and VoIP proxy servers. SIP and SDP are defined in the 
following RFCs:
• SIP: Session Initiation Protocol, RFC 3261
• SDP: Session Description Protocol, RFC 2327
To support SIP calls through the ASA, signaling messages for the media connection addresses, media 
ports, and embryonic connections for the media must be inspected, because while the signaling is sent 
over a well-known destination port (UDP/TCP 5060), the media streams are dynamically allocated. 
Also, SIP embeds IP addresses in the user-data portion of the IP packet. SIP inspection applies NAT for 
these embedded IP addresses.
The following limitations and restrictions apply when using PAT with SIP:
• If a remote endpoint tries to register with a SIP proxy on a network protected by the ASA, the registration fails under very specific conditions, as follows:
  – PAT is configured for the remote endpoint.
  – The SIP registrar server is on the outside network.
  – The port is missing in the contact field in the REGISTER message sent by the endpoint to the proxy server.
• Configuring static PAT is not supported with SIP inspection. If static PAT is configured for the Cisco Unified Communications Manager, SIP inspection cannot rewrite the SIP packet. Configure one-to-one static NAT for the Cisco Unified Communications Manager.
• If a SIP device transmits a packet in which the SDP portion has an IP address in the owner/creator field (o=) that is different than the IP address in the connection field (c=), the IP address in the o= field may not be properly translated. This is due to a limitation in the SIP protocol, which does not provide a port value in the o= field.
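The embedded addresses and ports that the overview and the PAT limitations above refer to can be located with a small parser, which is useful when checking a capture for the Contact-port and o=/c= conditions. This is an added example, not taken from the Cisco guide and not a description of how the ASA implements inspection; the message is constructed with documentation addresses, and the function name `audit_sip` and its report keys are assumptions.

```python
import re

# Constructed sample: SIP message with an SDP body (RFC 5737 documentation addresses).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "Contact: <sip:alice@192.0.2.10>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 198.51.100.7\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def audit_sip(message):
    """Report the embedded addresses and ports a SIP-aware firewall must handle."""
    head, _, body = message.partition("\r\n\r\n")   # SIP separates headers and body with CRLF CRLF
    report = {"contact_has_port": None, "origin_addr": None,
              "conn_addrs": [], "media_ports": [], "origin_differs": False}
    for line in head.splitlines()[1:]:              # skip the request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form of Contact
            uri = re.search(r"sips?:([^>;\s]+)", value)
            if uri:
                hostport = uri.group(1).rsplit("@", 1)[-1]
                # IPv4 or hostname only; bracketed IPv6 is out of scope here
                report["contact_has_port"] = bool(re.search(r":\d+$", hostport))
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        fields = value.split()
        if kind == "o" and len(fields) == 6:        # o=<user> <id> <ver> IN IP4 <addr>
            report["origin_addr"] = fields[5]
        elif kind == "c" and len(fields) == 3:      # c=IN IP4 <addr>[/ttl]
            report["conn_addrs"].append(fields[2].split("/")[0])
        elif kind == "m" and len(fields) >= 3:      # m=<media> <port>[/count] <proto> ...
            report["media_ports"].append((fields[0], int(fields[1].split("/")[0])))
    o = report["origin_addr"]
    # The o= line carries an address but no port, which is the case the guide flags
    report["origin_differs"] = bool(o and report["conn_addrs"]
                                    and o not in report["conn_addrs"])
    return report
```

A `contact_has_port` value of `False` together with PAT on the endpoint matches the registration-failure conditions listed above, and `origin_differs` set to `True` marks a message whose o= address may be left untranslated.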
SIP Instant Messaging
Instant Messaging refers to the transfer of messages between users in near real-time. SIP supports the 
Chat feature on Windows XP using Windows Messenger RTC Client version 4.7.0105 only. The 
MESSAGE/INFO methods and 202 Accept response are used to support IM as defined in the following 
RFCs: