Using Realplayer; Restrictions And Limitations - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
RTSP Inspection
For Cisco IP/TV, use RTSP TCP port 554 and TCP 8554.
Note
RTSP applications use the well-known port 554 with TCP (rarely UDP) as a control channel. The
security appliance only supports TCP, in conformity with RFC 2326. This TCP control channel is used
to negotiate the data channels that is used to transmit audio/video traffic, depending on the transport
mode that is configured on the client.
The supported RDT transports are: rtp/avp, rtp/avp/udp, x-real-rdt, x-real-rdt/udp, and x-pn-tng/udp.
The security appliance parses Setup response messages with a status code of 200. If the response
message is travelling inbound, the server is outside relative to the security appliance and dynamic
channels need to be opened for connections coming inbound from the server. If the response message is
outbound, then the security appliance does not need to open dynamic channels.
Because RFC 2326 does not require that the client and server ports must be in the SETUP response
message, the security appliance keeps state and remembers the client ports in the SETUP message.
QuickTime places the client ports in the SETUP message and then the server responds with only the
server ports.
RTSP inspection does not support PAT or dual-NAT. Also, the security appliance cannot recognize HTTP
cloaking where RTSP messages are hidden in the HTTP messages.
Using RealPlayer
When using RealPlayer, it is important to properly configure transport mode. For the security appliance,
add an access-list command from the server to the client or vice versa. For RealPlayer, change transport
mode by clicking Options>Preferences>Transport>RTSP Settings.
If using TCP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
TCP for all content check boxes. On the security appliance, there is no need to configure the inspection
engine.
If using UDP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
UDP for static content check boxes, and for live content not available via Multicast. On the security
appliance, add an inspect rtsp port command.
Restrictions and Limitations
The following restrictions apply to the inspect rtsp command.
•
•
•
•
•
Cisco Security Appliance Command Line Configuration Guide
25-62
The security appliance does not support multicast RTSP or RTSP messages over UDP.
PAT is not supported.
The security appliance does not have the ability to recognize HTTP cloaking where RTSP messages
are hidden in the HTTP messages.
The security appliance cannot perform NAT on RTSP messages because the embedded IP addresses
are contained in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and
security appliance cannot perform NAT on fragmented packets.
With Cisco IP/TV, the number of translates the security appliance performs on the SDP part of the
message is proportional to the number of program listings in the Content Manager (each program
listing can have at least six embedded IP addresses).
Chapter 25
Configuring Application Layer Protocol Inspection
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
