06-07-2020 09:50 AM - edited 06-07-2020 09:52 AM
could someone help me to write class map to enable SIP inspection only for Any source to one/two specific SIP server
and apply it to default policy-map global
following is the existing
policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect netbios inspect tftp
class export
flow-export destination inside X.X.X.X service-policy global_policy global
Wanted to enable sip inspection only for one/two SIP servers but not for all SIP connections.
I added as following:-
access-list MVoIP extended line 1 permit any host X.X.X.X
access-list MVoIP extended line 2 permit any host X.X.X.X
class-map MVoip
match access-list MVoiP
policy-map global_policy
class MVoiP
inspect sip
is throwing an error " WARNING: Inspection not installed or parameters do not match" and class map is added after class export but not above class inspection_default
is there anyway to get this done. could you help me. Thank you in advance
06-08-2020 09:11 AM
This is resolved after created duplicate global policy map
by adding following class-map
access-list extended sipvoip extended permit tcp any host <SIPServerIP> eq sip
access-list extended sipvoip extended permit udp any host <SIPServerIP> eq sip
class-map SIP
match access-list sipvop
policy-map global2
class sip
inspect sip
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
class export
flow-export destination inside X.X.X.X
service-policy global_policy global2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide