SIP
SIP, RFC 2543, is a signaling protocol for Internet conferencing, telephony, presence, events
notification, and instant messaging. SIP was developed in the mid-1990s by the Internet
Engineering Task Force (IETF) as a real-time communication protocol for IP voice, and it has
expanded into video and instant-messaging applications. SIP works with Session Description
Protocol (SDP), RFC 2327, for call signaling. SDP specifies the ports for the media stream.
Using SIP, the Security Appliance can support any SIP VoIP gateways and VoIP proxy servers.
To support SIP calls through the Security Appliance, signaling messages for the media
connection addresses, media ports, and embryonic connections for the media must be
inspected, because although the signaling is sent over a well-known destination port (UDP/
TCP 5060), the media streams are dynamically allocated. Also, SIP embeds IP addresses in
the user data portion of the IP packet. SIP inspection applies NAT for these embedded IP
addresses.
Application inspection for SIP is enabled by default, using the inspect sip command. You can
use the class-map command to change the default TCP port assignment for SIP. You can use
the show conn state sip command to view all active SIP connections.