[c-nsp] R: Cisco ASA and SDP length(VOIP/SIP)

[Brian Turnbow]

Hi Feby,

 (VOIP/SIP)
> 
> Does anyone knows if a Cisco ASA which has SIP inspect turned on can cause
> SDP length on a SIP message to be changed dramatically. We did an upgrade
> on our Cisco ASA from 7.3  to 8.4(6) and i have been told the upgrade is doing
> funny changes to SIP message.
> 

We do a lot of sip and always turn off sip inspect/sip algs and such and let the border controller take care of any  nat traversal etc.
We have yet to find one that doesn't break something sooner or later.
The sip inspection will change payload in the packet ( example natted  ip addresses)  that will cause the packet length to change for sure.
The only way to be 100% sure what changes is to capture before and after and take a look as it varies by version etc.
You can also change the port numbers used by the phones/gateways  to bypass sip inspection and see what the differences are.

Regards

Brian






> Thanks for all the help with this matter,
> 
> Feby Francis
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


---
This e-mail is intended only for the addressee named above. 
As this e-mail may contain confidential or privileged information, 
if you are not the named addressee, you are not authorized to retain, read, 
copy or disseminate this message or any part of it.   
 
Please consider your environmental responsibility before printing this e-mail.