Cisco ASA 5505 User Manual

Page 933

Advertising
background image

44-23

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 44 Configuring Inspection for Voice and Video Protocols

SIP Inspection

The drop-connection keyword drops the packet and closes the connection.

The mask keyword masks out the matching portion of the packet.

The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server
and/or client.

The log keyword, which you can use alone or with one of the other keywords, sends a system log
message.

The rate-limit message_rate argument limits the rate of messages.

You can specify multiple class or match commands in the policy map. For information about the order
of class and match commands, see the

“Defining Actions in an Inspection Policy Map” section on

page 33-2

.

Step 7

To configure parameters that affect the inspection engine, perform the following steps:

a.

To enter parameters configuration mode, enter the following command:

hostname(config-pmap)# parameters

hostname(config-pmap-p)#

b.

To enable or disable instant messaging, enter the following command:

hostname(config-pmap-p)# im

c.

To enable or disable IP address privacy, enter the following command:

hostname(config-pmap-p)# ip-address-privacy

d.

To enable check on Max-forwards header field being 0 (which cannot be 0 before reaching the
destination), enter the following command:

hostname(config-pmap-p)# max-forwards-validation action {drop | drop-connection |

reset | log} [log]

e.

To enable check on RTP packets flowing on the pinholes for protocol conformance, enter the
following command:

hostname(config-pmap-p)# rtp-conformance [enforce-payloadtype]

Where the enforce-payloadtype keyword enforces the payload type to be audio or video based on
the signaling exchange.

f.

To identify the Server and User-Agent header fields, which expose the software version of either a
server or an endpoint, enter the following command:

hostname(config-pmap-p)# software-version action {mask | log} [log]

Where the mask keyword masks the software version in the SIP messages.

g.

To enable state checking validation, enter the following command:

hostname(config-pmap-p)# state-checking action {drop | drop-connection | reset | log}

[log]

h.

To enable strict verification of the header fields in the SIP messages according to RFC 3261, enter
the following command:

hostname(config-pmap-p)# strict-header-validation action {drop | drop-connection |

reset | log} [log]

i.

To allow non SIP traffic using the well-known SIP signaling port, enter the following command:

hostname(config-pmap-p)# traffic-non-sip

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals