Configuring a Layer 7 SIP Inspection Policy
Configuring a Layer 7 SIP Inspection Policy Map
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-86
The keywords, arguments, and options are as follows:
line_number—(Optional) Argument that assists you in editing or deleting
•
individual match commands. Enter an integer from 2 to 1024 as the line
number. You can enter no line_number to delete long match commands
instead of entering the entire line. The line numbers do not dictate a priority
or sequence for the match statements.
sip—Specifies the ACE validates the length of a SIP URI.
•
tel— Specifies the ACE validates the length of a Tel URI.
•
length—Specifies the length of the SIP or Tel URI.
•
gt—Greater than operator.
•
value—Maximum value for the length of the SIP URI or Tel URI in bytes.
•
Enter an integer from 0 to 254 bytes.
For example, enter:
host1/Admin(config-cmap-sip-insp)# match uri sip length gt 100
To remove the match statement from the class map, enter:
host1/Admin(config-cmap-sip-insp)# no match uri sip length gt 100
This section describes how to configure a Layer 7 SIP inspection policy map. The
Layer 7 policy map configures the applicable SIP inspection actions executed on
the network traffic that matches the classifications defined in a class map. You
then associate the completed Layer 7 SIP inspection policy with a Layer 3 and
Layer 4 policy map to activate the operation on a VLAN interface (see the
"Defining Layer 3 and Layer 4 Application Protocol Inspection Policy Actions"
section).
This section contains the following topics:
Configuring a Layer 7 SIP Inspection Policy Map
•
Adding a Layer 7 SIP Inspection Policy Map Description
•
Including Inline Match Statements in a Layer 7 SIP Inspection Policy Map
•
Associating the Layer 7 SIP Inspection Class Map with the Policy Map
•
Specifying the Layer 7 SIP Inspection Policy Map Actions
•
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01