Chapter 3
Configuring Application Protocol Inspection
SIP Inspection Configuration Considerations
Creating a SIP Parameter Map
OL-16202-01
Be aware of the following considerations when you configure SIP inspection on
the ACE:
If the IP address in the owner field (o=) is different from the IP address in the
•
connection field (c=) of the Session Description Protocol (SDP) portion of a
SIP packet, the ACE may not translate the IP address correctly. This incorrect
IP address translation is caused by a limitation of the SIP protocol, which
does not provide a port value in the owner field (o=).
If a remote endpoint attempts to register with a SIP proxy server on a network
•
protected by the ACE, the registration fails under the following conditions:
PAT is configured on the remote endpoint.
–
The SIP registration server is on the outside network.
–
The port value is missing in the contact field of the REGISTER message
–
that the endpoint sends to the proxy server.
You can configure advanced SIP behavior for SIP deep packet inspection by using
the parameter-map type sip command in configuration mode.
The syntax of this command is as follows:
parameter-map type sip name
The name argument is the identifier assigned to the parameter map. Enter an
unquoted text string with no spaces and a maximum of 32 alphanumeric
characters.
For example, enter:
host1/Admin(config)# parameter-map type sip SIP_PARAMMAP
host1/Admin(config-parammap-sip)#
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a SIP Parameter Map
3-117