Configuring a Layer 7 SIP Inspection Policy
Configuring a Layer 7 SIP Inspection Policy
Note
Configuring a Layer 7 SIP Inspection Class Map
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-74
This section describes how to configure Layer 7 SIP inspection class maps and
policy maps. The ACE uses class maps to filter SIP traffic based on a variety of
parameters such as, the called party, the calling party, content type, SIP URI, and
so on. The ACE uses policy maps to permit or deny that traffic, depending on the
actions that you specify.
You can associate a maximum of 1024 instances of the same type of regular
expression (regex) with a a Layer 4 policy map. This limit applies to all Layer 7
policy-map types, including generic, HTTP, RADIUS, RDP, RTSP, and SIP. You
configure regexes in the following:
Match statements in Layer 7 class maps
•
Inline match statements in Layer 7 policy maps
•
Layer 7 hash predictors for server farms
•
•
Layer 7 sticky expressions in sticky groups
Header insertion and rewrite (including SSL URL rewrite) expressions in
•
Layer 7 action lists
This section contains the following topics:
Configuring a Layer 7 SIP Inspection Class Map
•
Configuring a Layer 7 SIP Inspection Policy Map
•
This section describes how to configure a Layer 7 class map for SIP application
protocol inspection. It contains the following topics:
Creating a Layer 7 SIP Inspection Class Map
•
Adding a Layer 7 Class Map Description for SIP Inspection
•
•
Defining the Called Party in the SIP To Header
Defining the Calling Party in the SIP From Header
•
Defining SIP Content Checks
•
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01