I have a question regarding SIP inspection in a PIX 515 running version 8.0(3).
The problem is that there are two different VoIP solutions inside the network, one that requires SIP inspection and one that won't work if it is enabled. Since they reside in different networks, I think there might be a solution.
I have tried to solve this issue using the following configuration, but it doesn't work. All traffic is selected for SIP inspection regardless of the ACL entries. Any ideas?
Network 172.20.148.0/24 on interface "inny" should not be submitted to SIP inspection.
access-list inspect_sip3 extended deny ip 172.20.148.0 255.255.255.0 any
access-list inspect_sip3 extended deny ip any 172.20.148.0 255.255.255.0
access-list inspect_sip3 extended permit tcp any any eq sip
access-list inspect_sip3 extended permit udp any any eq sip
match access-list inspect_sip3
policy-map type inspect dns migrated_dns_map_1
message-length maximum 512
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
service-policy global_policy global
service-policy sip interface outside
service-policy sip interface inny
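
As an added example (not part of the original post), this Python sketch evaluates the posted inspect_sip3 ACL with first-match semantics to show which flows the ACL by itself would select for a class that matches on it, independent of how the policy maps are applied. The sample flow addresses are constructed, and the parser handles only the ACE forms that appear in the post.

```python
import ipaddress

# ACL lines copied from the post; "eq sip" is port 5060.
ACL = """\
access-list inspect_sip3 extended deny ip 172.20.148.0 255.255.255.0 any
access-list inspect_sip3 extended deny ip any 172.20.148.0 255.255.255.0
access-list inspect_sip3 extended permit tcp any any eq sip
access-list inspect_sip3 extended permit udp any any eq sip
"""
PORTS = {"sip": 5060}

def _addr(tokens):
    """Consume 'any' or 'network netmask' from the front of the token list."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    net, mask = tokens.pop(0), tokens.pop(0)
    return ipaddress.ip_network(f"{net}/{mask}")

def parse(text):
    """Parse only the extended-ACE forms that appear in the post."""
    aces = []
    for line in filter(str.strip, text.splitlines()):
        t = line.split()[3:]  # drop 'access-list <name> extended'
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = None
        if t[:1] == ["eq"]:
            port = PORTS[t[1]] if t[1] in PORTS else int(t[1])
        aces.append((action, proto, src, dst, port))
    return aces

def selected(aces, proto, src, dst, dport):
    """First matching ACE decides; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port in aces:
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action == "permit"
    return False

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("udp", "172.20.148.10", "198.51.100.5", 5060),
        ("udp", "198.51.100.5", "172.20.148.10", 5060),
        ("udp", "172.20.10.20", "198.51.100.5", 5060),
        ("udp", "172.20.10.20", "198.51.100.5", 53),
    ]
    for f in flows:
        print(f, "->", "inspect" if selected(parse(ACL), *f) else "skip")
```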