ASA 9.13_Class Map for source destination, SIP traffic _configuration help_default policy map

NDP · ‎06-07-2020

could someone help me to write class map to enable SIP inspection only for Any source to one/two specific SIP server

and apply it to default policy-map global

following is the existing

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect netbios 
  inspect tftp
class export
flow-export destination inside X.X.X.X
service-policy global_policy global

Wanted to enable sip inspection only for one/two SIP servers but not for all SIP connections.

I added as following:-

access-list MVoIP extended line 1 permit any host X.X.X.X

access-list MVoIP extended line 2 permit any host X.X.X.X

class-map MVoip

match access-list MVoiP

policy-map global_policy

class MVoiP

inspect sip

is throwing an error " WARNING: Inspection not installed or parameters do not match" and class map is added after class export but not above class inspection_default

is there anyway to get this done. could you help me. Thank you in advance

NDP · ‎06-08-2020

This is resolved after created duplicate global policy map

by adding following class-map

access-list extended sipvoip extended permit tcp any host <SIPServerIP> eq sip

access-list extended sipvoip extended permit udp any host <SIPServerIP> eq sip

class-map SIP

match access-list sipvop

policy-map global2

class sip

inspect sip

class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
class export
flow-export destination inside X.X.X.X
service-policy global_policy global2