Configure Sip Timeout Values; Verifying And Monitoring Sip Inspection - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 14
Inspection for Voice and Video Protocols
•
•
Example:
hostname(config-class)# no inspect sip
hostname(config-class)# inspect sip sip-map
Note
Step 5
If you are editing an existing service policy (such as the default global policy called global_policy), you
are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Configure SIP Timeout Values
The media connections are torn down within two minutes after the connection becomes idle. This is,
however, a configurable timeout and can be set for a shorter or longer period of time.
You can configure several SIP global timeout values on the Configuration > Firewall > Advanced >
Global Timeouts page.
To configure the timeout for the SIP control connection, enter the following command:
hostname(config)# timeout sip hh:mm:ss
This command configures the idle timeout after which a SIP control connection is closed.
To configure the timeout for the SIP media connection, enter the following command:
hostname(config)# timeout sip_media hh:mm:ss
This command configures the idle timeout after which a SIP media connection is closed.
Verifying and Monitoring SIP Inspection
The show sip command displays information for SIP sessions established across the ASA. Along with
the debug sip and show local-host commands, this command is used for troubleshooting SIP inspection
engine issues.
sip_policy_map is the optional SIP inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the SIP inspection policy map, see
Configure SIP Inspection Policy Map, page
tls-proxy proxy_name identifies the TLS proxy to use for this inspection. You need a TLS proxy
only if you want to enable inspection of encrypted traffic.
If you are editing the default global policy (or any in-use policy) to use a different SIP inspection
policy map, you must remove the SIP inspection with the no inspect sip command, and then
re-add it with the new SIP inspection policy map name.
14-24.
Cisco ASA Series Firewall CLI Configuration Guide
SIP Inspection
14-29
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
