Installation guide

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 5 Configuring Virtual Servers
SIP Content Length
The SIP message body content length is used for SIP protocol inspection decisions.
To specify SIP traffic based on SIP message body length:
1. In the Content Operator field, confirm that Greater Than is selected.
2. In the Content Length field, enter the maximum size of a SIP message body in bytes that the ACE is to allow without performing SIP protocol inspection. If a SIP message exceeds the specified value, the ACE performs SIP protocol inspection as defined in an associated policy map. Valid entries are integers from 0 to 65534 bytes.

SIP Request Method
A SIP request method is used for application inspection decisions.
In the Request Method field, select the request method that is to be inspected.

Third Party
SIP allows users to register other users on their behalf by sending REGISTER messages with different values in the From and To header fields. This process can pose a security threat if the REGISTER message is actually a DEREGISTER message. A malicious user could cause a DoS (denial-of-service) attack by deregistering all users on their behalf. To prevent this security threat, you can specify a list of privileged users who can register or unregister someone else on their behalf. The ACE maintains the list as a regex table. If you configure this policy, the ACE drops REGISTER messages with mismatched From and To headers and a From header value that does not match any of the privileged user IDs.
In the Third Party Registration Entities field, enter a regular expression that identifies a privileged user who is authorized for third-party registrations. Valid entries are unquoted text strings with no spaces and a maximum of 255 alphanumeric characters. The ACE supports regular expressions for matching string expressions. Table 12-33 lists the supported characters that you can use for matching string expressions.

URI Length
The ACE can validate the length of SIP URIs or Tel URIs. A SIP URI is a user identifier that a calling party (source) uses to contact the called party (destination). A Tel URI is a telephone number that identifies the endpoint of a SIP connection. For more information about SIP URIs and Tel URIs, see RFC 2534 and RFC 3966, respectively.
To filter SIP traffic based on URIs, do the following:
1. In the URI Type field, indicate the type of URI to be used:
   SIP URI—The calling party URI is to be used for this match condition.
   Tel URI—A telephone number is to be used for this match condition.
2. In the URI Operator field, confirm that Greater Than is selected.
3. In the URI Length field, enter the maximum length of the SIP URI or Tel URI in bytes. Valid entries are integers from 0 to 254 bytes.

Table 5-7 SIP Protocol Inspection Conditions and Options (continued)
Condition Description
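
The third-party registration rule described under Third Party, modeled in Python as an added example (it is not Cisco code or ACE configuration). The function names, the example.com addresses, the privileged-user patterns, the full-string regex match, and the fail-closed handling of unparseable headers are assumptions of this sketch; header parsing is simplified (no compact header names or folded lines, and addresses are compared lowercased).

```python
import re
from typing import Optional

# Constructed allow-list standing in for the Third Party Registration Entities.
PRIVILEGED = [re.compile(r"admin.*@example\.com"), re.compile(r"pbx@example\.com")]

def header_uri(message: str, name: str) -> Optional[str]:
    """Return user@host from the named header's SIP URI (lowercased), or None."""
    for line in message.split("\r\n")[1:]:      # skip the request line
        if not line:                            # blank line ends the headers
            break
        field, _, value = line.partition(":")
        if field.strip().lower() == name.lower():
            m = re.search(r"sips?:([^;>\s]+)", value, re.IGNORECASE)
            return m.group(1).lower() if m else None
    return None

def third_party_verdict(message: str, privileged=PRIVILEGED) -> str:
    """Drop a REGISTER whose From and To differ unless From is privileged."""
    if not message.startswith("REGISTER "):
        return "permit"                         # the rule covers REGISTER only
    sender, target = header_uri(message, "From"), header_uri(message, "To")
    if sender is None or target is None:
        return "drop"                           # assumption: fail closed on bad headers
    if sender == target:
        return "permit"                         # ordinary self-registration
    # fullmatch (an assumption of this sketch) keeps a pattern from matching a
    # prefix of a longer, attacker-chosen address.
    if any(p.fullmatch(sender) for p in privileged):
        return "permit"
    return "drop"

def register(frm: str, to: str, expires: int = 3600) -> str:
    """Build a minimal constructed REGISTER; Expires: 0 removes the binding."""
    return ("REGISTER sip:example.com SIP/2.0\r\n"
            f"From: <sip:{frm}>;tag=a1\r\nTo: <sip:{to}>\r\n"
            f"Expires: {expires}\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for frm, to, exp in [("alice@example.com", "alice@example.com", 3600),
                         ("mallory@example.com", "bob@example.com", 0),
                         ("admin1@example.com", "bob@example.com", 0)]:
        print(frm, "->", to, third_party_verdict(register(frm, to, exp)))
```

When writing an entry for the privileged list, check that the pattern cannot match a longer address that merely begins with a privileged name, since an overly broad expression widens who may deregister other users.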