SIP

The Session Initiation Protocol (SIP) is a signaling protocol used in multimedia conferencing applications, IP telephony, instant messaging, and some event-notification features on several applications. This protocol is defined in RFC 3261. SIP signaling is sent over UDP or TCP port 5060. The media streams are dynamically allocated. Figure 8-12 illustrates the basics of a SIP call flow between two SIP calling entities and gateways, respectively.

Figure 8-12. SIP Call Flow

The Cisco ASA is able to inspect any NAT SIP transactions successfully. To enable SIP inspection, use the inspect sip command. You can see SIP connection statistics using the show conn state sip command. The show service-policy command provides you with SIP inspection statistics.

SIP is also used by IM applications. The details on SIP extensions for instant messaging are defined in RFC 3428. Instant messengers use MESSAGE/INFO requests and 202 Accept responses when users chat with each other. The MESSAGE/INFO requests are sent after registration and subscription transactions are completed. For example, two users may have their IM application connected at any time, but not talk to each other for a long period of time. The Cisco ASA SIP inspection engine maintains this information for a set period of time according to the configured SIP timeout value.

To configure the idle timeout after which a SIP control connection will be closed, use the timeout sip command. The default timeout value is 30 minutes. Use the timeout sip_media command to configure the idle timeout after which a SIP media connection will be closed. The default is 2 minutes.

Example 8-14 shows how the Cisco ASA is configured with a SIP timeout of 1 hour.

Example 8-14. SIP Timeout Example

Chicago(config)# timeout sip 1:00:00

Chicago(config)# timeout sip_media 0:30:00

Note

The SIP media timeout value must be configured at least 5 minutes longer than the subscription duration (timeout sip).