Cisco Systems ASA 5580 Manual De Usuario
11-18
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Configuring Inspection for Voice and Video Protocols
SIP Inspection
ciscoasa(config-pmap-p)# url-length-limit length
Where the length argument specifies the URL length in bytes (0 to 6000).
The following example shows a how to define an RTSP inspection policy map.
ciscoasa(config)# regex badurl1 www.url1.com/rtsp.avi
ciscoasa(config)# regex badurl2 www.url2.com/rtsp.rm
hostname(config)# regex badurl3 www.url3.com/rtsp.asp
ciscoasa(config)# class-map type regex match-any badurl-list
ciscoasa(config-cmap)# match regex badurl1
ciscoasa(config-cmap)# match regex badurl2
ciscoasa(config-cmap)# match regex badurl3
ciscoasa(config)# policy-map type inspect rtsp rtsp-filter-map
ciscoasa(config-pmap)# match url-filter regex class badurl-list
ciscoasa(config-pmap-p)# drop-connection
ciscoasa(config)# class-map rtsp-traffic-class
ciscoasa(config-cmap)# match default-inspection-traffic
ciscoasa(config)# policy-map rtsp-traffic-policy
ciscoasa(config-pmap)# class rtsp-traffic-class
ciscoasa(config-pmap-c)# inspect rtsp rtsp-filter-map
ciscoasa(config)# service-policy rtsp-traffic-policy global
SIP Inspection
This section describes SIP application inspection. This section includes the following topics:
•
•
•
•
•
SIP Inspection Overview
SIP, as defined by the IETF, enables call handling sessions, particularly two-party audio conferences, or
“calls.” SIP works with SDP for call signalling. SDP specifies the ports for the media stream. Using SIP,
the ASA can support any SIP VoIP gateways and VoIP proxy servers. SIP and SDP are defined in the
following RFCs:
“calls.” SIP works with SDP for call signalling. SDP specifies the ports for the media stream. Using SIP,
the ASA can support any SIP VoIP gateways and VoIP proxy servers. SIP and SDP are defined in the
following RFCs:
•
SIP: Session Initiation Protocol, RFC 3261
•
SDP: Session Description Protocol, RFC 2327