Realplayer Configuration Requirements; Limitations For Rstp Inspection; Configure Rtsp Inspection - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
RTSP Inspection
RTSP inspection does not support PAT or dual-NAT. Also, the ASA cannot recognize HTTP cloaking
where RTSP messages are hidden in the HTTP messages.
RealPlayer Configuration Requirements
When using RealPlayer, it is important to properly configure transport mode. For the ASA, add an
access-list command from the server to the client or vice versa. For RealPlayer, change transport mode
by clicking Options>Preferences>Transport>RTSP Settings.
If using TCP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
TCP for all content check boxes. On the ASA, there is no need to configure the inspection engine.
If using UDP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use
UDP for static content check boxes, and for live content not available via multicast. On the ASA, add
an inspect rtsp port command.
Limitations for RSTP Inspection
The following restrictions apply to the RSTP inspection.
•
•
•
•
•
Configure RTSP Inspection
RTSP inspection is enabled by default. You need to configure it only if you want non-default processing.
If you want to customize RTSP inspection, use the following process.
Procedure
Configure RTSP Inspection Policy Map, page 14-19
Step 1
Configure the RTSP Inspection Service Policy, page 14-21
Step 2
Cisco ASA Series Firewall CLI Configuration Guide
14-18
The ASA does not support multicast RTSP or RTSP messages over UDP.
The ASA does not have the ability to recognize HTTP cloaking where RTSP messages are hidden
in the HTTP messages.
The ASA cannot perform NAT on RTSP messages because the embedded IP addresses are contained
in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and the ASA
cannot perform NAT on fragmented packets.
With Cisco IP/TV, the number of translates the ASA performs on the SDP part of the message is
proportional to the number of program listings in the Content Manager (each program listing can
have at least six embedded IP addresses).
You can configure NAT for Apple QuickTime 4 or RealPlayer. Cisco IP/TV only works with NAT
if the Viewer and Content Manager are on the outside network and the server is on the inside
network.
Chapter 14
Inspection for Voice and Video Protocols
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
