Defining Sip Uri Checks - Cisco 4700M Configuration Manual

Chapter 3 Configuring Application Protocol Inspection

Defining SIP URI Checks

OL-16202-01
expression—Privileged user that is authorized for third-party registrations.
•
Enter a regular expression from 1 to 255 alphanumeric characters. The ACE
supports the use of regular expressions for matching. Expressions are stored
in a header map in the form header-name: expression. Header expressions
allow spaces, provided that the spaces are escaped or quoted. See
for a list of the supported characters that you can use in regular expressions.
When matching data strings, note that the period (.) and question
Note
mark (?) characters do not have a literal meaning in regular
expressions. Use brackets ([]) to match these symbols (for example,
enter www[.]xyz[.]com instead of www.xyz.com). You can also use a
backslash (\) to escape a dot (.) or a question mark (?).
For example, to filter SIP traffic based on SIP registrations or deregistrations,
enter:
host1/Admin(config-cmap-sip-insp)# match third-party-registration
USER1
To remove the match statement from the class map, enter:
host1/Admin(config-cmap-sip-insp)# no match third-party-registration
USER1
You can configure the ACE to validate the length of SIP URIs or Tel URIs. A SIP
URI is a user identifier that a calling party (source) uses to contact the called party
(destination). A Tel URI is a telephone number that identifies the endpoint of a
SIP connection. For more information about SIP URIs and Tel URIs, see RFC
2534 and RFC 3966.
To filter SIP traffic based on URIs, use the match uri command in class map SIP
inspection configuration mode.
The syntax of this command is as follows:
[line_number] match uri {sip | tel} length gt value
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 SIP Inspection Policy
Table 3-5
3-85