The Real-Time Streaming Protocol (RTSP) is a multimedia streaming protocol that many
Most RTSP applications use TCP port 554. On some rare occasions, UDP is used in the control channel.
The commonly used TCP control channel negotiates the data channels used to transmit audio and video. This is negotiated based on the transport mode specified on the client.
The following are the supported Real Data Transport (RDT) protocol transports:
Use the inspect rtsp command to enable RTSP inspection on the Cisco ASA.
The Session Initiation Protocol (SIP) is a signaling protocol used in multimedia conferencing applications, IP telephony, instant messaging, and some event-notification features on several applications. This protocol is defined in RFC 3261. SIP signaling is sent over UDP or TCP port 5060. The media streams are dynamically allocated. Figure 8-12 illustrates the basics of a SIP call flow between two SIP calling entities and gateways, respectively.
Figure 8-12. SIP Call Flow
The Cisco ASA is able to inspect any NAT SIP transactions successfully. To enable SIP inspection, use the inspect sip command. You can see SIP connection statistics using the show conn state sip command. The show service-policy command provides you with SIP inspection statistics.
SIP is also used by IM applications. The details on SIP extensions for instant messaging are defined in RFC 3428. Instant messengers use MESSAGE/INFO
To configure the idle timeout after which a SIP control connection will be closed, use the timeout sip command. The default timeout value is 30 minutes. Use the timeout sip_media command to configure the idle timeout after which a SIP media connection will be closed. The default is 2 minutes.
Example 8-14 shows how the Cisco ASA is configured with a SIP timeout of 1
Example 8-14. SIP Timeout Example
Chicago(config)# timeout sip 1:00:00
Chicago(config)# timeout sip_media 0:30:00
The SIP media timeout value must be configured at least 5 minutes longer than the subscription duration (timeout sip).
Skinny is a protocol used in VoIP applications. (Skinny is another
Figure 8-13. Cisco IP Phone Registration and Communication Flow
In Figure 8-13, the Cisco IP Phone is assigned to a specific VLAN. After that, it sends a request to the DHCP server to get an IP address, DNS server address, and TFTP server name or address. It also gets a default gateway address if you have set these options in the DHCP server.
If a TFTP server name is not included in the DHCP reply, the Cisco IP Phone uses the default server name.
The Cisco IP Phone obtains its configuration from the TFTP server. It resolves the Cisco CallManager name via DNS and starts the Skinny registration process.
The Cisco ASA inspects the Skinny transactions with the use of the inspect skinny command. This command is enabled by default.
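As an added example (not from the book), the following script audits a saved ASA configuration for the inspect rtsp, inspect sip, and inspect skinny commands and for the effective SIP idle timeouts, falling back to the defaults stated above when no timeout line is present. The sample configuration, the function names, and the choice not to verify which policy map a command belongs to are assumptions made for illustration.

```python
import re

# Constructed sample of a saved ASA configuration (illustrative, not from the book).
# "inspect sip" is deliberately left out so the audit has something to report.
SAMPLE_CONFIG = """\
timeout sip 1:00:00
timeout sip_media 0:30:00
policy-map global_policy
 class inspection_default
  inspect rtsp
  inspect skinny
service-policy global_policy global
"""

# Defaults stated in the text: 30 minutes (SIP control), 2 minutes (SIP media).
DEFAULT_TIMEOUTS = {"sip": 30 * 60, "sip_media": 2 * 60}
ENGINES = ("rtsp", "sip", "skinny")


def hms_to_seconds(value):
    """Convert the hh:mm:ss timeout format to seconds."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def audit(config):
    """Report which voice/video inspection engines appear and the SIP idle timeouts.

    Simplification (assumption): any 'inspect <engine>' line counts, without
    checking that its policy map is actually applied by a service-policy.
    """
    inspected = set()
    timeouts = dict(DEFAULT_TIMEOUTS)
    for raw in config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"inspect (\S+)(?: .*)?", line)
        if match and match.group(1) in ENGINES:
            inspected.add(match.group(1))
        # A single 'timeout' line may carry several name/value pairs.
        if line.startswith("timeout "):
            for name, value in re.findall(r"(\S+) (\d+:\d{2}:\d{2})", line):
                if name in timeouts:
                    timeouts[name] = hms_to_seconds(value)
    missing = [engine for engine in ENGINES if engine not in inspected]
    return {"inspected": sorted(inspected), "missing": missing, "timeouts": timeouts}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```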
Cisco ASA does not support
As previously discussed, Cisco IP Phones download their configuration information from a TFTP server. This information includes the name or IP address of the Cisco CallManager server to which they need to connect. You must use an ACL to
Instructions on how to create ACLs and static NAT entries are covered in Chapter 5, "Network Access Control."