Chapter 3
Configuring Application Protocol Inspection
RTSP Inspection
OL-16202-01
parameter map. For information about configuring a connection parameter map,
see Chapter 4, Configuring TCP/IP Normalization and IP Reassembly Parameters.
The ACE performs the following ILS inspection operations:
• Decodes the LDAP REQUEST/RESPONSE PDUs using the Basic Encoding
  Rules (BER) decoder functions
• Parses the LDAP packet
• Extracts IP addresses
• Translates IP addresses as necessary
• Encodes the PDU with translated addresses using BER encode functions
• Copies the newly encoded PDU back to the TCP packet
• Performs an incremental TCP checksum and sequence number adjustment
The following restrictions apply to the ACE ILS inspection feature:
• Referral requests and responses are not supported.
• Users in multiple directories are not unified.
• Single users having multiple identities in multiple directories cannot be
  recognized by NAT.
The Real-Time Streaming Protocol (RTSP) is used by RealAudio, RealNetworks,
Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. RTSP
applications use the well-known port 554 with TCP and UDP as the control
channel. The ACE supports TCP only in conformity with RFC 2326.
The TCP control channel negotiates the data channels used to transmit audio and
video traffic, depending on the transport mode that is configured on the client.
The supported data transport modes are rtp/avp, rtp/avp/udp, x-real-rdt,
x-real-rdt/udp, and x-pn-tng/udp. The data transport types rtp/avp/tcp and
x-real-rdt/tcp use the control channel to stream data. RTSP inspection is not
required in this case to open a secure port (pinhole) for the data channel.
The ACE parses SETUP response messages with a status code of 200.
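
The following sketch is an added example, not Cisco code and not part of the original guide. It shows how an inspection engine could decide which data-channel pinholes a SETUP response justifies. The function names are hypothetical, the caller is assumed to have already matched the response to a SETUP request, and requiring both client_port and server_port is an assumption of this sketch.

```python
import re

# Modes the page lists as using separate data channels (pinhole needed).
# rtp/avp/tcp and x-real-rdt/tcp ride the control channel and are absent here.
DATA_CHANNEL_MODES = {"rtp/avp", "rtp/avp/udp", "x-real-rdt",
                      "x-real-rdt/udp", "x-pn-tng/udp"}

def parse_port_range(text):
    """Parse 'a' or 'a-b' into (lo, hi); return None if malformed."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", text.strip())
    if not m:
        return None
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    return (lo, hi) if 1 <= lo <= hi <= 65535 else None

def pinholes_from_setup_response(raw):
    """Return a list of {mode, client_port, server_port} dicts, or []."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = head.split("\r\n")
    if not re.match(r"RTSP/1\.0 200(?: |$)", lines[0]):
        return []                      # only status 200 is acted on
    pinholes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        for spec in value.split(","):
            params = [p.strip() for p in spec.split(";")]
            mode = params[0].lower()
            if mode not in DATA_CHANNEL_MODES:
                continue               # interleaved or unknown: open nothing
            entry = {"mode": mode}
            for p in params[1:]:
                key, _, val = p.partition("=")
                if key.lower() in ("client_port", "server_port"):
                    entry[key.lower()] = parse_port_range(val)
            # Fail closed: both ranges must be present and well formed.
            if entry.get("client_port") and entry.get("server_port"):
                pinholes.append(entry)
    return pinholes

# Constructed sample messages (not captured traffic).
OK_UDP = (b"RTSP/1.0 200 OK\r\nCSeq: 3\r\nSession: 12345678\r\n"
          b"Transport: RTP/AVP;unicast;client_port=4588-4589;"
          b"server_port=6256-6257\r\n\r\n")
OK_TCP = (b"RTSP/1.0 200 OK\r\nCSeq: 3\r\n"
          b"Transport: RTP/AVP/TCP;unicast;interleaved=0-1\r\n\r\n")
NOT_FOUND = b"RTSP/1.0 404 Not Found\r\nCSeq: 3\r\n\r\n"
```

Only the negotiated port ranges from a well-formed 200 response yield a pinhole; anything else leaves the data path closed.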
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Application Protocol Inspection Overview