Application Protocol Inspection Overview
SCCP Inspection
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-16
Because RFC 2326 does not require that the client and server ports are contained
in the SETUP response message, the ACE must track the state and remember the
client ports in the SETUP message. QuickTime places the client ports in the
SETUP message; the server responds with only the server ports.
During RTSP inspection, the ACE does not do the following:
Inspect RTSP messages that pass through UDP ports.
•
Support RealNetworks multicast mode (x-real-rdt/mcast).
•
Support the ability to recognize HTTP cloaking where RTSP messages are
•
hidden in HTTP messages.
Perform NAT on RTSP messages because the embedded IP addresses are
•
contained in the Session Description Protocol (SDP) files as part of HTTP or
RTSP messages.
The following additional restrictions apply to RTSP inspection as performed by
the ACE:
With Cisco IP/TV, the number of translations that the ACE performs on the
•
SDP part of the message is proportional to the number of program listings in
the Content Manager (each program listing can have at least six embedded IP
addresses).
When using RealPlayer, you must properly configure the transport mode. For
•
the ACE, add an ACL classification from the server to the client. For
RealPlayer, change the transport mode by clicking Tools>Preferences>
Connection>Network Transport>RTSP Settings.
If you use TCP mode on the RealPlayer, check the Attempt to use TCP
–
for all content check box. It is not necessary to configure RTSP
application inspection on the ACE.
If you use UDP mode on the RealPlayer, check the Attempt to use UDP
–
for all content check box. Configure RTSP application inspection on the
ACE.
Skinny Client Control Protocol (SCCP) is used in VoIP networks, for example,
with Cisco IP phones and Cisco CallManager. The ACE supports all versions of
the SCCP protocol through version 3.3.2.
SCCP inspection provides the following operations:
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01