38-31
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 38 Configuring Inspection for Voice and Video Protocols
SIP Inspection
–
Default Level—Sets the security level back to the default level of Low.
Modes
The following table shows the modes in which this feature is available:
Add/Edit SIP Policy Map (Security Level)
The Add/Edit SIP Policy Map pane lets you configure the security level and additional settings for SIP
application inspection maps.
Fields
• Name—When adding a SIP, enter the name of the SIP map. When editing a SIP map, the name of
the previously configured SIP map is shown.
• Description—Enter the description of the SIP map, up to 200 characters in length.
• Security Level—Select the security level (high or low).
–
Low—Default.
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Not enforced.
SIP conformance: Do not perform state checking and header validation.
–
Medium
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Permitted.
Hide server’s and endpoint’s IP addresses: Disabled.
Mask software version and non-SIP URIs: Disabled.
Ensure that the number of hops to destination is greater than 0: Enabled.
RTP conformance: Enforced.
Limit payload to audio or video, based on the signaling exchange: No
SIP conformance: Drop packets that fail state checking.
–
High
SIP instant messaging (IM) extensions: Enabled.
Non-SIP traffic on SIP port: Denied.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
