7-29
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
7






Configuring

Virtual

Servers
Configuring
Virtual

Servers
Step
6
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.


Click
Cancel
to
exit

this

procedure

without
saving
your

entries.


Click
Deploy
Later
to
save
your
entries

and

deploy
the
configuration
at


a

l

ater

time.
Related
Topics


Configuring
Virtual

Server

Properties,

page
7-11


Configuring
Virtual

Server
SSL
Termination,

page
7-17


Configuring
Virtual
Server
Layer

7

Lo

ad

Balancing,

page
7-30


Managing
Virtual

Servers,

page
7-66
Third
Party
Condition
that

indicates

that

the

SIP

is

to

allow

users

to

register

other

users

on

their

behalf

by
sending
REGISTER

messages

with

different

values

in

the

From

and

To

header

fields.

This

process
can
pose

a

security

threat

if

the

REGISTER

message

is

actually

a

DEREGISTER

message.

A
malicious
user

could

cause

a

DoS

(denial-of-service)

attack

by

deregistering

all

users

on

t

heir
behalf.
To

prevent

this

security

threat,

you

can

specify

a

list

of

privileged

users

who

can

register

or
unregister
someone

else

on

their

behalf.

The

ACE

maintains

the

list

as

a

regex

table.

If

you
configure
this

policy,

the

ACE

drops

REGISTER

messages

with

mismatched

From

and

To

headers
and
a

From

header

value

that

does

not

match

any

of

the

privileged

user

IDs.
In
the

Third

Party

Registration

Entities

field,

enter

a

regular

expression

that

identifies

a

privileged
user
who

is

authorized

for

third-party

registrations.

Valid

entries

are

unquoted

text

strings

with

no
spaces
and

a

maximum

of

255

alphanumeric

characters.

The

ACE

supports

regular

expressions

for
matching
string

expressions.

Ta

b

l

e


14-33

lists

the

supported

characters

that

you

can

use

for
matching
string

expressions.
URI
Length
Condition
that

indicates

that

the

ACE

is

to

validate

the

length

of

SIP

URIs

or

Tel

URIs.

A

SIP

URI
is
a

user

identifier

that

a

calling

party

(source)

uses

to

contact

the

called

party

(destination).

A

Tel
URI
is

a

telephone

number

that

identifies

the

endpoint

of

a

SIP

connection.

For

more

information
about
SIP

URIs

and

Tel

URIs,

see

RFC

2534

and

RFC

3966,

respectively.
To
filter

SIP

traffic

based

on

URIs,

do

the

following:
a.
In
the

URI

Type

field,

choose

the

t

ype

of

URI

to
be
used:


SIP

URI—The

calling

party

URI

is

to

be

used

for

this

match

condition.


Tel

URI—A

telephone

number

is

to

be

used

for

this

match

condition.
b.
In
the
URI
Operator
field,

confirm

that

Greater

Than

is

selected.
c.
In
the
URI
Length

field,
enter
the

maximum

length
of
the

SIP

URI

or

Tel

URI

in

bytes.

Valid
entries
ar

e

fr

om

0

t

o

254

bytes.
Table
7-10
SIP
Protocol

Inspection

Conditions

and

Options

(continued)
Condition
Description