Installation guide
5-27
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 5 Configuring Virtual Servers
Configuring Virtual Servers
Step 8 For SIP inspection, do the following:
a. In the Actions subset, click Add to add a new match condition and action, or select an existing match
condition and action, and then click Edit to modify it. The Actions configuration pane appears.
b. In the Matches field, select an existing class map or *New* or *Inline Match* to configure new
match criteria for protocol inspection.
If you select an existing class map, the screen refreshes and allows you to view, modify, or duplicate
the selected class map. See the “Shared Objects and Virtual Servers” section on page 5-9 for more
information about modifying shared objects.
c. Configure match criteria and related actions using the information in Table 5-7.
Table 5-7 SIP Protocol Inspection Conditions and Options
Condition Description
Called Party The destination or called party specified in the URI of the SIP To header is used for SIP protocol
inspection decisions.
In the Called Party field, enter a regular expression that identifies the called party in the URI of
the SIP To header for this match condition. Valid entries are unquoted text strings with no spaces
and a maximum of 255 alphanumeric characters. The ACE supports regular expressions for
matching string expressions. Table 12-33 lists the supported characters that you can use for
matching string expressions.
Calling Party The source or caller specified in the URI of the SIP From header is used for SIP protocol
inspection decisions.
In the Calling Party field, enter a regular expression that identifies the calling party in the URI of
the SIP From header for this match condition. Valid entries are unquoted text strings with no
spaces and a maximum of 255 alphanumeric characters. The ACE supports regular expressions for
matching string expressions. Table 12-33 lists the supported characters that you can use for
matching string expressions.
IM Subscriber An IM (instant messaging) subscriber is used for application inspection decisions.
In the IP Subscriber field, enter a regular expression that identifies the IM subscriber for this
match condition. Valid entries are unquoted text strings with no spaces and a maximum of 255
alphanumeric characters. The ACE supports regular expressions for matching string expressions.
Table 12-33 lists the supported characters that you can use for matching string expressions.
Message Path SIP inspection allows you to filter messages coming from or transiting through certain SIP proxy
servers. The ACE maintains a list of the unauthorized SIP proxy IP addresses or URIs in the form
of regular expressions and checks this list against the VIA header field in each SIP packet.
In the Message Path field, enter a regular expression that identifies the SIP proxy server for this
match condition. Valid entries are unquoted text strings with no spaces and a maximum of 255
alphanumeric characters. The ACE supports regular expressions for matching string expressions.
Table 12-33 lists the supported characters that you can use for matching string expressions.
SIP Content Type The content type in the SIP message body is used for SIP protocol inspection decisions.
In the Content Type field, enter a regular expression that identifies the content type in the SIP
message body to use for this match condition. Valid entries are unquoted text strings with no
spaces and a maximum of 255 alphanumeric characters. The ACE supports regular expressions for
matching string expressions. Table 12-33 lists the supported characters that you can use for
matching string expressions.