Defining Sip Content Checks - Cisco 4700M Configuration Manual

Chapter 3 Configuring Application Protocol Inspection

Defining SIP Content Checks

OL-16202-01
Header expressions allow spaces if the spaces are escaped or quoted. See
Table 3-5 for a list of the supported characters that you can use in regular
expressions.
When matching data strings, note that the period (.) and question
Note
mark (?) characters do not have a literal meaning in regular
expressions. Use brackets ([]) to match these symbols (for example,
enter www[.]xyz[.]com instead of www.xyz.com). You can also use a
backslash (\) to escape a dot (.) or a question mark (?).
For example, to identify the calling party in the SIP From header, enter:
host1/Admin(config-cmap-sip-insp)# match calling-party
sip:this-user@thisnetwork.com;tag=745g8
To remove the match statement from the class map, enter:
host1/Admin(config-cmap-sip-insp)# no match calling-party
sip:this-user@thisnetwork.com;tag=745g8
You can configure the ACE to perform SIP content checks based on the content
length or the content type. By default, the ACE allows all content types. To define
SIP content checks, use the match content command in class map SIP inspection
configuration mode.
The syntax of this command is as follows:
[line_number] match content {length gt number} | {type sdp | expression}
The keywords, arguments, and options are as follows:
line_number—(Optional) Argument that assists you in editing or deleting
•
individual match commands. Enter an integer from 2 to 1024 as the line
number. You can enter no line_number to delete long match commands
instead of entering the entire line. The line numbers do not dictate a priority
or sequence for the match statements.
length—Specifies the SIP message body length.
•
gt—Specifies the greater than operator.
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 SIP Inspection Policy
3-79