access-list sip_log extended permit udp any any eq 1085
class-map siptraffic match access-list sip_log class-map type regex match-any SIP description SIP Class Map match regex SIP_MESSAGE match regex SIP_OPTIONS match regex SIP_SUBSCRIBE match regex SIP_INVITE match regex SIP_REGISTER
class-map type inspect sip match-any sip_class match content type regex class SIP
policy-map type inspect sip test_sip class sip_class log
policy-map outside_sip-policy class siptraffic inspect sip test_sip
I do not want the complete UDP traffic on port 1085 to be policed. This should only be effective against the SIP packets on port 1085. My hope was that this would work with that inspect rule. Do you have an idea how to archive this somehow?
If another app is using the same port you are using for your SIP then your might have bigger problems that policing.
You cannot match on a protocol over a specific port.To match in a class map you use an ACL or the other options. In thesype inspect class-maps you can only match on fields to be acted uponin a policy-map.
If you want to drop the SIP packets over that port then your config will work.
But if you want to rate limit only the SIP packets over that port it can't be done.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...