38-26
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 38 Configuring Inspection for Voice and Video Protocols
SIP Inspection
–
Phone Proxy radio button—Specifies to associate the Phone Proxy with the TLS Proxy that you
select from the TLS Proxy Name field.
Configure button—Opens the Configure the Phone Proxy dialog box so that you can specify or
edit Phone Proxy configuration settings.
–
UC-IME Proxy ratio button—Specifies to associate the UC-IME Proxy (Cisco Intercompany
Media Engine proxy) with the TLS Proxy that you select from the TLS Proxy Name field.
Configure button—Opens the Configure the UC-IME Proxy dialog box so that you can specify
or edit UC-IME Proxy configuration settings.
• TLS Proxy Name:—Name of existing TLS Proxy.
• Manage—Opens the Add TLS Proxy dialog box to add a TLS Proxy.
Only one TLS proxy can be assigned to the Phone Proxy or UC-IME Proxy at a time. If you configure
more than one service policy rule for Phone Proxy or UC-IME Proxy inspection and attempt to assign a
different TLS proxy to them, ASDM displays a warning that all other service policy rules with Phone
Proxy or UC-IME inspection will be changed to use the latest selected TLS proxy.
The UC-IME Proxy configuration requires two TLS proxies – one for outbound traffic and one for
inbound. Rather than associating the TLS proxies directly with the UC-IME Proxy, as is the case with
phone proxy, the TLS proxies are associated with it indirectly via SIP inspection rules.
You associate a TLS proxy with the Phone Proxy while defining a SIP inspection action . ASDM will
convert the association to the existing phone proxy.
Modes
The following table shows the modes in which this feature is available:
SIP Class Map
The SIP Class Map pane lets you configure SIP class maps for SIP inspection.
An inspection class map matches application traffic with criteria specific to the application. You then
identify the class map in the inspect map and enable actions. The difference between creating a class
map and defining the traffic match directly in the inspect map is that you can create more complex match
criteria and you can reuse class maps. The applications that support inspection class maps are DNS, FTP,
H.323, HTTP, IM, and SIP.
Fields
• Name—Shows the SIP class map name.
• Match Conditions—Shows the type, match criterion, and value in the class map.
–
Match Type—Shows the match type, which can be a positive or negative match.
–
Criterion—Shows the criterion of the SIP class map.
–
Value—Shows the value to match in the SIP class map.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
Need help?
General
