Session Initiation Protocol (SIP) Extension for Instant Messaging, RFC 3428
The MESSAGE/INFO requests can arrive at any time after a registration or a subscription. For example, two users can be online at any time, but not chat for hours. Therefore, the SIP inspection engine opens pinholes, which timeout in accordance with the configured SIP timeout value. This value must be configured for at least five minutes longer than the subscription duration. The Contact Expires value defines the subscription duration and is typically 30 minutes.
Because the MESSAGE/INFO requests are typically sent through a dynamically allocated port other than port 5060, they are required to go through the SIP inspection engine.
Note: The SIP also enables Voice over IP (VoIP) calls. The SIP works with the Secure Device Provisioning (SDP) for call signaling.
In order to resolve this issue, enable inspection for SIP on the security appliance with the inspect sip command.
Hi community, I have a cisco asa Version 9.8(4) without contexts and only one internet connection.Actually it have multiple policy based vpns and remote access vpn.is it possible to add a new location and use routed based VPN?Regards
It appears the ASA IOS train for versions 9.8(4)20 and higher have a bug that prevents copying any ASA image to flash. The result is always a "Signature not valid for file" error. Even when specifying /noverify on the copy operation. I first noticed this ...
Hello All, We are deploying a NAC solution for one the customer. There was request came from client on the temporal agent, is there any way we can avoid the downloading each time the temporal agent for compliance checks. Can we push these tempor...
Hi, I am trying to workout a way to find the the last hit time for all the ACL rules on an FTD from the CLI. In ASAs you can use the show access-list all_name brief command and match the hashes from that with the hashes of the ACEs in an ACL to ...
Just swapped over to a Rogers 5G wireless "cradlepoint" for a backup in one of my locations. Now when we failover test, http/https will not connect to endpoint in either datacenter on the other side of the tunnel. I have my IP MTU set to...