Table Of Contents

SIP Profiles on Cisco Unified Border Element
(SP Edition)

Contents

Information About SIP Profiles

Method-Profiles

Restrictions for Configuring Method-Profiles

Information About Method-Profiles

Configuring Method-Profiles

Unconfiguring Method-Profiles

Applying Method-Profiles

Response Code Mapping

Restrictions for Response Code Mapping

Configuring Response Code Mapping

Applying Response Code Mapping

Header Profiles

Restrictions for Configuring Header Profiles

Information About Header Profiles

Header Manipulation

Header Profile Conditional Matching

Store-Rules Declaration

Request-Line Modification

Header Profile Configuration Information

Configuring Header Profiles

Applying Header Profiles

Provisional Response Filtering

Provisional Response Filtering Information

Configuring Provisional Response Filtering

Applying Provisional Response Filtering

Parameter Profiles

Restrictions for Configuring Parameter Profiles

Information About Parameter Profiles

Configuring Parameter Profiles

Applying a Parameter Profile to a Header Profile

Associating with an Adjacency

Ability to Insert Firewall Parameter in SIP Contact Header

Configuring Ability to Insert Firewall Parameter in SIP Contact Header

Configuration Examples for SIP Profiles

Method-Profile Examples

Applying Method-Profiles Example

Associating Predefined Header Profiles Example

Associating Predefined Parameter Profiles Example

Associating Response Code Mapping Example

Configuring Header Profiles Example

Applying Header Profiles Example

Header Manipulation Examples

Example—Removing P-Asserted-Identity Header

Example—Removing Header Based on Condition in Another Header

Example—Removing Organization Header from All Reponses

Example—Transforming a Header into Another Header

Example—Outgoing Messages Contain a Specific Header

Example—Blacklisting a Header

Example—Whitelisting a Header

Example—Passing a Date Header

Example—Stripping Organization Headers in INVITE

Example—Applying Parameter Profile

Example—Converting Remote-Party-ID or P-Preferred-Identity

Example—Using Directory Number Prefix to Set Privacy

Example—Stripping P-Called-Party-Identity

Example—Replacing Outbound Request-line

Example—P-KT-UE-IP Header Support

Response Filtering Example

Parameter Profile Examples

Ability to Insert Firewall Parameter in SIP Contact Header Examples

SIP Profiles on Cisco Unified Border Element
(SP Edition)

---

You can configure Cisco Unified Border Element (SP Edition) with method and header profiles on Session Initiation Protocol (SIP) messages. These profiles are used to control which SIP requests are accepted (whitelists) and which requests are rejected (blacklists) based on the method of the request. This helps to avoid misusing the SBE or SIP adjacency by SIP users and improves the efficiency of SIP calls.

A header-profile can conditionally match any part of a header, but can only replace the entire header. SIP parameter profiles extend this capability to allow changes to be made to individual SIP Request Uniform Resource Identifier (URI) parameters associated with a header.

---

Note These features are supported in the unified model for Cisco IOS XE Release 2.4 and later.

---

Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).

For a complete description of commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.

For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

Feature History for SIP Profiles on Cisco Unified Border Element (SP Edition)

Release	Modification
Cisco IOS XE Release 2.4	SIP Header Profile, SIP Method-Profile, parameter profile, response code mapping, SIP header manipulation, and provisional response filtering features were introduced on the Cisco ASR 1000 Series Aggregation Services Routers along with support for the unified model.
Cisco IOS XE Release 2.5	The following features were introduced on the Cisco ASR 1000 Series Routers: •Ability to Insert Firewall Parameter in SIP Contact Header. •Enhanced SIP header manipulation functionality on the Cisco ASR 1000 Series Routers. •P-KT-UE-IP header (type of private header) support as part of SIP header manipulation functionality.

Contents

This chapter contains the following sections:

•Information About SIP Profiles

•Method-Profiles

•Response Code Mapping

•Header Profiles

•Provisional Response Filtering

•Parameter Profiles

•Ability to Insert Firewall Parameter in SIP Contact Header

•Configuration Examples for SIP Profiles

Information About SIP Profiles

Cisco Unified Border Element (SP Edition) can manipulate the following SIP profiles:

•Method-profiles

•Header-Profiles

•Parameter-profiles

Method-profiles allow the association of header-profiles and parameter-profiles to method elements contained in the method-profile. You can use actions with method-profiles to allow the whitelist to contain blacklisted headers and the blacklist to contain whitelisted headers as well as to reject non-vital methods. This allows any profile to contain mixed actions per-profile.

Header-profiles allow complex header manipulation to occur, over and above the existing whitelist and blacklist functionality using actions based on conditional expressions.

Header-profiles additionally allow the association of parameter-profiles in header elements contained in the profile.

You can use variables to store header content; you can then optionally reconstruct the headers using previously stored variables. You can also match headers based on regular expression matching. You can use conditional matching to match against adjacency settings, transport addresses, and a number of boolean match criteria. You can also use header-profiles to reference and make limited modifications to the Request-Line.

Parameter-profiles allow the removal, replacement, or addition of specific URI parameters within certain vital headers.

You can also associate parameter-profiles with methods in method-profiles for the purpose of request-line processing per method only.

You can configure multiple store-rules, request-lines, and header entries, each with unique actions and/or conditions under which the action is applied. Figure 16-1 show the hierarchical association of adjacency, method-profiles, header-profiles, and parameter-profiles. The dotted line shows the deprecated method for paramter-profile association to method-profiles.

Figure 16-1 SIP Profiles

Method-Profiles

SIP methods can be blacklisted and whitelisted dynamically at run-time during receipt of a message (ingress) and at transmission of a message (egress).

A configured method-profile allows two types of method-profiles for non-vital requests. These can be blacklist (drop) or whitelist (pass). The whitelist action is considered to be the default type for a method if `blacklist' is not present in the command line.

The method-profile will contain a list of methods which are either passed on (whitelist) or dropped (blacklist). A single profile can then be associated with each of the inbound or outbound call sides.

Method-profiles can be associated with pre-defined header-profiles. In addition, pre-defined parameter profiles can be associated with the Request-line per method.

Method-profiles are not allowed to blacklist or whitelist vital methods; however, header-profiles and parameter-profiles can be associated with vital methods.

Status code mapping can be associated with any method type declared in a method-profile such that any response identified with this method can be changed. For example, a 503 response to an INVITE could potentially be changed to a 500 response if appropriate mapping is declared against the INVITE method.

This section contains the following topics:

•Restrictions for Configuring Method-Profiles

•Information About Method-Profiles

•Configuring Method-Profiles

•Applying Method-Profiles

Restrictions for Configuring Method-Profiles

Review the following restrictions for method-profiles:

•Any given profile must be exclusively a whitelist or a blacklist.

•Two profiles are applied to process any given SIP message: one inbound and, if permitted through that, one outbound.

•Profiles check only SIP methods in the Request Uniform Resource Identifier (URI)

•SIP requests that are blacklisted and non-essential are rejected as a result of a method-profile's rules. SIP responses are always forwarded.

•Any method unknown to Cisco Unified Border Element (SP Edition) which is forwarded as a result of a profile's rules does not affect creating or deleting a SIP dialog.

•Methods that are essential to the operation of Cisco Unified Border Element (SP Edition) cannot be blacklisted and are implicitly added to any whitelist.

•Profiles cannot be deleted while they are in active use by at least one adjacency.

•In case of non-Information Management System (IMS) preset, there is a default method-profile (sip method-profile default). If configured, the default method profile is attached to the adjacencies for which no explicit user-defined method-profiles are configured for both inbound and outbound. The sip method-profile default is an empty white-list by itself.

Information About Method-Profiles

After you configure a profile, you can assign it for a default application. Any SIP adjacency can apply it to signaling for that adjacency.

---

Note Profiles are an optional part of the configuration—they do not have to be specified for Cisco Unified Border Element (SP Edition) to operate correctly. The default behavior is that requests with one of the essential methods are processed, and all other requests are rejected.

---

You can add or remove methods from profiles at any time. Each method can optionally be assigned one of three actions with the action command:

•Either pass or reject the method.

•Use the as-profile action to select the default profile blacklist or whitelist.

Profiles cannot be deleted while at least one adjacency is using them. You can see which adjacencies are using a profile by entering the following show commands:

show sbc sbc-name sbe sip method-profile [profile-name]

or

show sbc sbc-name sbe sip essential-methods

Table 16-1 lists the methods that are part of the essential method set.

Table 16-1 Essential Methods 

INVITE	PRACK
ACK	NOTIFY
CANCEL	REFER
BYE	SUBSCRIBE
REGISTER

To modify parameters in the request-line, associate a parameter-profile with a method-profile.

Cisco IOS XE Release 2.4 and later contains the following functionalities:

•Predefined header-profiles can be associated with outgoing method-profiles.

•Predefined parameter profiles can be associated with the request-line per method.

---

Note Header-profiles and parameter-profiles can be associated with essential methods even though method-profiles are not allowed to blacklist/whitelist essential methods.

---

•Response code mapping can be associated with any method type declared in a method-profile so that any response identified with the method can be changed. For example, a 503 response to an INVITE could potentially be changed to a 500 response if appropriate mapping is declared against the INVITE method.

Configuring Method-Profiles

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. sip method-profile profile-name

5. description description

6. blacklist

7. pass-body

8. method name

9. action {as-profile | pass | reject}

10. end

11. show sbc sbc-name sbe sip method-profile [profile-name]

12. show sbc sbc-name sbe sip essential-methods

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the submode for configuring the method-profile. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip method-profile profile-name Example: Router(config-sbc-sbe)# sip method-profile profile1	Configures a method-profile and enters SIP method-profile configuration mode. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies that do not have a specific profile configured.
Step 5	description description Example: Router(config-sbc-sbe-sip-mth)# description mysbc profile1	Adds a description for the specified profile. The no form of this command removes the description. This description is displayed when the show command is used for this profile and is displayed for each profile when displaying a summary of all profiles.
Step 6	blacklist Example: Router(config-sbc-sbe-sip-mth)# blacklist	Configures a profile to be a blacklist. The no form of this command configures the profile to be a whitelist. Note By default, profiles are whitelists.
Step 7	pass-body Example: Router(config-sbc-sbe-sip-mth)# pass-body	Permits message bodies to be passed through for non-vital methods accepted by this profile. The no form of this command strips the message body out of any non-vital SIP messages matched by this profile. Note Non-vital method is same as non-essential method.
Step 8	method name Example: Router(config-sbc-sbe-sip-mth)# method test	Adds a method with the specified name to the profile. Enters the SBE method profile element configuration mode. This field can be 1 to 32 characters (inclusive) in length and is case-insensitive. The no form of this command deletes the method with that name from the profile.
Step 9	action {as-profile | pass | reject} Example: Router(config-sbc-sbe-sip-mth-ele)# action as-profile	Specifies the action to be performed on the parameter. as-profile drops the method. pass passes the method. reject rejects the method.
Step 10	end Example: Router(config-sbc-sbe-sip-mth-ele)# end	Exits SBE method profile element configuration mode and returns to Privileged EXEC mode.
Step 11	show sbc sbc-name sbe sip method-profile [profile-name] Example: Router# show sbc mysbc sbe sip-method-profile profile1	Displays details for the method-profile with the designated name. Use profile-name default to view the default profile. Displays a list of all configured method-profiles if no profile-name is specified.
Step 12	show sbc sbc-name sbe sip essential-methods Example: Router# show sbc mysbc sbe sip essential-methods	Displays a list of the essential methods listed in Table 16-1.

Unconfiguring Method-Profiles

The following example shows the proper sequence for unconfiguring a method profile applied to an adjacency. References to the profile must first be removed from all adjacencies. In this example, only one adjacency refers to the profile.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. no method-profile inbound profile-name

6. exit

7. no sip method-profile profile name

8. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the submode for configuring the method-profile. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip sipadj1	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	no method-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# no method-profile inbound profile1	Unconfigures profile1 that was used for inbound signaling on adjacency test.
Step 6	exit Example: Router(config-sbc-sbe-adj-sip)# exit	Exits SBE SIP adjacency configuration mode and enters SBE configuration mode.
Step 7	no sip method-profile profile name Example: Router(config-sbc-sbe)# no sip method-profile profile1	The no form of this command deletes the method with that name from the profile.
Step 8	end Example: Router(config-sbc-sbe)# end	Exits the SBE mode and returns to Privileged EXEC mode.

Applying Method-Profiles

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. method-profile inbound profile-name

6. end

7. show sbc sbc-name sbe sip method-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip test	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	method-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# method-profile inbound profile1	Sets profile1 to be used for inbound signaling on adjacency test. Note When attaching a method profile to an adjacency, the adjacency must be in the "no attach" state.
Step 6	end Example: Router(config-sbc-sbe-adj-sip)# end	Exits the header profile mode and returns to Privileged EXEC mode.
Step 7	show sbc sbc-name sbe sip method-profile name Example: Router# show sbc mysbc sbe sip method-profile one	Displays the header profile information.

Response Code Mapping

Response code mapping provides an ability to manipulate the SIP response codes when the messages traverse the Cisco Unified Border Element (SP Edition). The mapping table is applied to inbound messages received at a SIP adjacency or to responses sent out of a SIP adjacency. The mapping is user-configurable on a per SIP method basis so that each SIP method can be mapped differently. Table 16-2 lists the mapping limitations on SIP response code.

Table 16-2

Response Codes	Mapping
100	No mapping allowed
1xx	Maps to 1yy (not 100)
2xx	Maps to 2yy
3xx	Maps to 3yy
4xx	Maps to 4yy, 5yy, or 6yy
5xx	Maps to 4yy, 5yy, or 6yy
6xx	Maps to 4yy, 5yy, or 6yy

Response Code Mapping

Response code mapping allows you to:

•Map a particular response code to a specific response code. For example, you can map 401 to 400, but not to 300. You can map 102 to 101, but not 100.

•Map a group of response codes (defined using a wildcard) to a specific response code. For example, you can map 40X to 400, or map all of 4XX to 400.

•Specify exceptions to the wildcard. For example, mapping 2XX to 201, and mapping 200 to 200.

You can use the map-status-code command to add one of more mappings.

Where configuration causes the response code to be mapped to one that is not defined in RFC 3261, Cisco Unified Border Element (SP Edition) applies the reason phrase "Unrecognized status code."

This section contains the following topics:

•Restrictions for Response Code Mapping

•Applying Response Code Mapping

Restrictions for Response Code Mapping

The following restrictions apply to Response Code Mapping:

•Response code mapping only covers mapping of SIP response codes. H.323 calls cannot have their response codes mapped.

•Certain messages are processed only by the SIP Transaction Manager; mapping of these messages is not possible. For example, badly formatted messages that cannot be interpreted are responded to directly by the SIP Transaction Manager.

•There is no provision for the mapping of SIP reason phrases. The reason phrase will always match the reason code as defined in RFC 3261. A generic reason phrase is applied when the requested reason code has no corresponding definition in RFC 3261. This phrase is a compile time constant.

•Changing the response code could result in an invalid message (for example, mapping the response code could produce a message with mandatory headers missing). There is no provision to ensure that messages contain headers required by the new response code.

•A maximum of 128 mappings is permitted in each direction per adjacency (128 inbound and 128 outbound mappings).

Configuring Response Code Mapping

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. sip method-profile profile-name

5. method name

6. map-status-code

7. range statuscoderange value statuscodevalue

8. end

9. show sbc sbc-name sbe sip method-profile [profile-name]

10. show sbc sbc-name sbe sip essential-methods

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the submode for configuring the method-profile. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip method-profile profile-name Example: Router(config-sbc-sbe)# sip method-profile profile1	Configures a method-profile. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies that do not have a specific profile configured.
Step 5	method name Example: Router(config-sbc-sbe-sip-mth)# method test	Adds a method with the specified name to the profile. This field can be 1 to 32 characters (inclusive) in length and is case-insensitive. The no form of this command deletes the method with that name from the profile.
Step 6	map-status-code Example: Router(config-sbc-sbe-sip-mth-ele)# map-status-code	Enters the SIP method-profile element configuration mode.
Step 7	range statuscoderange value statuscodevalue Example: Router(config-sbc-sbe-sip-mth-ele-map)# range 5XX value 500	Maps a range of response codes to a response code.
Step 8	end Example: Router(config-sbc-sbe-sip-mth-prf)# end	Exits the method-profile mode and returns to Privileged EXEC mode.
Step 9	show sbc sbc-name sbe sip method-profile [profile-name] Example: Router# show sbc mysbc sbe sip-method-profile profile1	Displays details for the method-profile with the designated name. Use profile-name default to view the default profile. Displays a list of all configured method-profiles if no profile-name is specified.
Step 10	show sbc sbc-name sbe sip essential-methods Example: Router# show sbc mysbc sbe sip essential-methods	Displays a list of the essential methods listed in Table 16-1.

Applying Response Code Mapping

Apply response code mapping by associating it with an adjacency.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. method-profile inbound profile-name

6. end

7. show sbc sbc-name sbe sip method-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip test	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	method-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# method-profile inbound profile1	Sets profile1 to be used for inbound signaling on adjacency test. Note When attaching a method profile to an adjacency, the adjacency must be in the "no attach" state.
Step 6	end Example: Router(config-sbc-sbe-adj-sip)# end	Exits the header profile mode and returns to Privileged EXEC mode.
Step 7	show sbc sbc-name sbe sip method-profile name Example: Router# show sbc mysbc sbe sip method-profile one	Displays the header profile information.

Header Profiles

Header-profiles processing occurs in a two-stage process. In the first stage, the following steps occur:

1. Select next header from the message.

2. Look through the header profile for rules affecting the selected header.

3. In configured order, try to apply each rule to the header.

4. If the action is to add a header, then ignore this rule and move on to the next.

5. If the match condition is FALSE then move onto the next rule, do not evaluate any parameter profile.

6. Apply the action or parameter profile described in the element. If this is to remove the header, then move on to the next header in the message.

The second stage adds new headers to the message. Because it occurs after the first stage, there is a well-defined group of headers in the message. The steps are:

1. Take each rule that adds a header to the message.

2. If the action is to add the first instance of the header only and there is already a header with that name in the message, then move onto the next addition rule.

---

Note If another action has replaced the name of header then it is the replaced name that is used to test whether a new header should be added. That is, any header-name replacements performed in stage 1 are used in this stage of header-name comparisons, and not the original header-names from the arriving message.

---

3. Add the header if the match condition evaluates to TRUE.

4. Apply any rules defined for that header in user-configured order with this name. Only apply rules that are ordered after the add header rule, if the header was added.

This section contains the following topics:

•Restrictions for Configuring Header Profiles

•Information About Header Profiles

•Header Manipulation

•Header Profile Configuration Information

•Configuring Header Profiles

•Applying Header Profiles

Restrictions for Configuring Header Profiles

Review the following restrictions for header profiles:

•Any given profile must be exclusively a whitelist or a blacklist.

•Two profiles are applied to process any given SIP message: one inbound and, if permitted through that, one outbound.

•SIP headers that are essential to the operation of Cisco Unified Border Element (SP Edition) cannot be blacklisted and are implicitly added to any whitelist.

•Profiles can not be removed while they are in active use by an adjacency.

•For provisional filtering, provisional responses may not be blocked where the sender has required reliable provisional responses (SIP 100rel). This is to ensure that Cisco Unified Border Element (SP Edition) does not interfere with the call setup (as per RFC3262) by dropping the provisional response.

•Header-profile conditional matching can be performed against any part of the message. The matches can be exact matches or even sub-strings of any given field.

•The conditions may be associated with a specific header referenced by the header-profile header definition, but can also reference other non-vital parts of the message in order to evaluate the conditional expression; thus the condition could be associated with header P-Asserted-Identity while checking against the contents of the Call-Info header.

Information About Header Profiles

After you configure a profile, you can assign it for a default application. Any SIP adjacency can apply it to signaling for that adjacency.

You can add or remove headers from profiles at any time. Headers configured on a profile must contain characters that are valid for a SIP header.

Profiles cannot be deleted while any adjacency is using them. You can see which adjacencies are using a profile by entering the following show command:

show sbc sbc-name sbe sip method-profile [profile-name]

or

show sbc sbc-name sbe sip essential-methods

Table 16-3 lists the fixed set of essential SIP headers, which are not permitted to be configured on any profile.

Table 16-3 Essential SIP Headers

To	Content-Type	Expires	Route	Referred-By
From	Content-Length	Min-Expires	Record-Route	Referred-To
Via	Contact	Authorization	Proxy-Authorization
Call-ID	Supported	WWW-Authenticate	Proxy-Require
CSeq	Require	Proxy-Authenticate	Replaces
Max-Forwards	Allow	Event	Subscription-State

---

Note Profiles are an optional part of the configuration. If no profile is applicable to a given SIP signal, then the essential headers are processed and all other headers are not forwarded.

---

Header Manipulation

You can modify non-essential headers in SIP messages using header and parameter profiles. The following information summarizes the supported actions:

•Pass the header unchanged (whitelist functionality).

•Conditionally pass the header unchanged.

•Remove the header (blacklist functionality).

•Conditionally remove the header.

•Replace the name of the header. The replacement name cannot be that of a vital header.

•Conditionally replace the header content (appearing after the ":").

•Add a new instance of a header to a message regardless of whether or not the header already exists.

•Add the first instance of the header to the message, if a header with this name does not already exist.

•A combination of the above actions can be specified as a set or group of actions to be performed within a profile.

•The header-profiles can be used in method-profiles to allow header actions only associated with specific requests types.

•Parameter-profiles can be associated with headers in header-profiles.

•Header content can be stored in variables and later expanded during replace-value actions.

•Privacy headers are treated as unknown headers, which by default would be blacklisted (stripped). However, the SBC can be configured to pass through SIP Privacy headers.

•Regular expression matching can be performed on headers.

You can match against any part of a header but only replace the entire header. A parameter-profile extends this capability to change individual SIP URI parameters associated with a header. Header profiles can only modify non-vital header information. To display the vital header information, use the show sbc test sbe sip essential-method, show sbc test sbe sip essential-headers, or show sbc test sbe sip essential-parameters commands.

Parameter-profiles can be specified to match the following parts of the message.

•Request URI

•To

•From

•Contact

To modify parameters in the Request-line, associate a parameter-profile with a method-profile. To modify parameters in Contact, To, or From headers, associate a parameter-profile in the header-profile.

Header Profile Conditional Matching

To allow header manipulation, a set of conditions can be specified in order to dictate the rules under which the header actions will be applied. Conditional matching allows comparisons to be performed against any part of the message. The matches can be exact matches or even sub-strings of any given field.

The conditions can be associated with a specific header referenced by the header-profile header definition, but equally can also reference other non-vital parts of the message in order to evaluate the conditional expression.

---

Note Absence of a condition (conditional expression) implies the condition for the action is always true.

---

Each condition represents a part of the message to be manipulated, and the operation to be performed. A condition can be defined in the following ways:

condition comparison-type operator comparison-value

or

condition boolean-operator operator {true | false}

Example:

condition header-value contains "Cisco"

condition is-request eq true

Table 16-4 lists the comparison types:

Table 16-4 Comparison Types

status-code	response code value
header-value	current header content
header-name name header-value	content of a different header
variables	match on variable content
adjacency	match on adjacency settings
transport	match on transport addresses or ports
header-uri	match on parts of the URI (username)
request-uri	match on parts of the request-URI (username)
word	match on static strings

Table 16-5 lists the operators:

Table 16-5 Operators

[not] eq	equals or not equal
[not] contains	contains or does not contain
[not] regex-match	regular expression matching (BRE)
store-as	store-rules only

Table 16-6 lists the boolean operators:

Table 16-6 Boolean Operators

is-sip-uri	does the header contain a sip: URI
is-tel-uri	does the header contain a tel: URI
is-request	is the message a request
is-100rel-required	is the call performing 100rel
is-defined	test if a variable is defined

The following restrictions apply for conditional matching:

•Multiple conditional expressions against the same header can be added each containing unique actions and conditions to build complex manipulations

•Each condition must be entered one at a time. To add a subsequent condition to an existing condition, the condition must begin with "and" or "or". If the condition does not contain "and" or "or", it effectively overwrites any conditions already defined.

•If no profile-type is explicitly expressed in the header-profile command line definition then the assumed header profile type will be "whitelist".

•Multiple headers of the same type can be declared in any one profile defining either different action types or conditions.

•Character "*" can be used as a wildcard header, although only one wildcard header entry can be configured per profile.

•Duplicate header names with differing actions or conditions can be identified with the "entry <integer>" parameter in the command line. This can be used for the purposes of editing or deletion of a specific action related to a header. If no "entry" in the command line then it is assumed that the first entry related to the header of this header type is being configured.

Store-Rules Declaration

The data extracted from headers can be stored into variables. The store-rules are defined which are executed prior to any header element actions. Store-rules are specialized header elements of the format:

Store-Rule:<entry>

The store-rules contain conditions which allow storage in one of the following two ways:

1. A condition can contain a "store-as" keyword to directly store a string or complete header value into a variable.

condition comparison-type store-as variable-name

Example:

condition header-value store-as var1

The content of header-value will be stored into var1.

2. A regular expression can be applied to a header using keyword "regex-match". If the regular expression contains one or more (up to five max) sets of escaped parentheses `\( \)' around specific parts of the regular expression, then if the regular expression successfully matches, the values of each parts of the match grouped by the parentheses are extracted and stored into variables defined in the regex-match keyword arguments.

condition comparison-type regex-match [store-as variable-name....(up to 5)]

Example: 

condition header-name P-Asserted-Identiy header-value regex-match 
sip:\(.*\)@[Cc]isco.com store-as var1

For the complete list of comparison types, operators, and boolean operators, refer Table 16-4, Table 16-5, and Table 16-6.

Extracted variables can later be used in the actions which require values such as replace-value, add-first-header/add-header. Variables are expanded by use of "${var}" format within the replacement string.

Request-Line Modification

You can perform limited modification to the request-line with action replace-value in header-profiles.

The use of the request-line forming part of the header profiles is the preferred method for changes (including parameter profiles) to the request-line.

The format of the value used in action replace-value is:

sip:user@host[:port]

Variables already extracted in store-rules can be used in the construction of the the request-line.

Example:

"sip:${user}@${host}"

Request-line is a specialized header element of the format:

Request-URI:<entry>

---

Note Changes to the request-line must meet the SIP RFC 3261 formatting rules, and any host declared in the replacement must be a valid host to the SBC. User configuration cannot pre-screen the configured changes due to the possibility of variables being present in the configured replacement value. It is only at run-time when the actual request-line can be determined, and errors in request-line construction can result in call failures. Extreme care must be taken when using this feature to prevent call failures.

---

Header Profile Configuration Information

Consideration needs to be given as to the effect of an action or set of actions in conjunction with the default profile behavior (whitelist/blacklist).

An empty blacklist will effectively try to pass on any non-vital header.

An empty whitelist will effectively drop all non-vital headers.

The behavior becomes more complex when conditions are associated with headers.

It is important to consider what actions are defined on the in-bound side. If an empty whitelist header-profile is associated with the in-bound side, then no non-vital headers will be visible at all to the outbound side, and therefore, actions applied to the out-bound sides profile may appear not to work. You may need to consider adding actions to `pass' a specific header on the in-bound side by adding the header to a whitelist (with action as-profile or pass) or adding the header with action `pass' in a blacklist.

For example, if a header-profile is defined as a whitelist (default behavior), and a header action to modify the header-value is inserted with a condition, then the action will be processed if the condition is TRUE and the header modified, but will be ignored if the condition is FALSE.

Because the header is inserted into the whitelist it might well be assumed that it would be passed on unmodified if the condition is FALSE, however, if the condition is FALSE, the action (entry) is ignored, and therefore it is as if the header is not present in the whitelist so the header will not be passed on.

To overcome this, a second entry with action `pass' can be entered; thus if the headers condition is TRUE, the content with be modified, but if the condition is false, it will be ignored and continue to process any other entries. The second entry has an action `pass' and will cause the header to be passed on.

Configuring Header Profiles

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. sip header-profile profile-name

5. blacklist

6. description text

7. header name [entry number]

8. action {add-first-header | add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip}

9. condition [comparison-type | boolean-operator | operator | comparison-value]

10. end

11. show sbc sbc-name sbe sip header-profile [profile-name]

12. show sbc sbc name sbe sip essential-headers

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the submode for configuring the header profile. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip header-profile profile-name Example: Router(config-sbc-sbe)# sip header-profile profile1	Configures a header profile. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies which do not have a specific profile configured.
Step 5	blacklist Example: Router(config-sbc-sbe-sip-hdr)# blacklist	Configures a profile to be a blacklist. The no form of this command configures the profile to be a whitelist. Note By default, profiles are whitelists.
Step 6	description text Example: Router(config-sbc-sbe-sip-hdr)# description blacklist profile	Adds a description for the specified profile. The no form of this command removes the description. This description is displayed when the show command is used for this profile and is displayed for each profile when displaying a summary of all profiles.
Step 7	header name [entry number] Example: Router(config-sbc-sbe-sip-hdr)# header Organization entry 1	header name—Configures the SIP header that will be modified. Enters SBC SBE SIP-HDR-ELE configuration mode. entry number—Specifies which action entry to work on.
Step 8	action {add-first-header | add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip} Example: Router(config-sbc-sbe-sip-hdr-ele)# action replace-value XYZcompany	Specifies the type of action to be applied to the header. In the example, the action specified is to conditionally replace the header content with a replace value of XYZcompany.
Step 9	condition [comparison-type | boolean-operator | operator | comparison-value] Example: Router (config-sbc-sbe-sip-hdr-ele-act)# condition header-value ABCcompany	Specifies the condition to match before taking an action to a SIP message profile. If the condition is met, the action specified in step 8 is performed. Enters SIP header-profile configuration mode. In the example, the condition header-value value is ABCcompany, which is matched and thus the value ABCcompany is replaced with XYZcompany.
Step 10	end Example: Router(config-sbc-sbe-sip-hdr-ele)# end	Exits the SBC SBE SIP-HDR-ELE configuration mode and returns to Privileged EXEC mode.
Step 11	show sbc sbc-name sbe sip header-profile [profile-name] Example: Router# show sbc mysbc sbe sip header-profile profile1	Displays details for the header profile with the designated name. Use the profile-name default to view the default profile. Displays a list of all configured method-profiles if no profile-name is specified.
Step 12	show sbc sbc-name sbe sip essential-headers Example: Router# show sbc mysbc sbe sip essential-headers	Displays a list of the essential headers listed in Table 16-1.

Applying Header Profiles

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. header-profile inbound profile-name

6. end

7. show sbc service-name sbe sip header-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: Router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip sipGW	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	header-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# header-profile inbound profile1	Sets the inbound header profile to be used for inbound signaling on adjacency sipGW. Note When attaching a header profile to an adjacency, the adjacency must be in the "no attach" state.
Step 6	end Example: Router(config-sbc-sbe-adj-sip)# end	Exits the SBE SIP adjacency mode and returns to Privileged EXEC mode.
Step 7	show sbc sbc-name sbe sip header-profile name Example: Router# show sbc sbc-name sbe sip header-profile name	Displays the header profile information.

Provisional Response Filtering

Provisional response filtering makes it possible to block 1XX responses (except 100) sent by endpoints. When configuring provisional response filtering, keep the following in mind:

•Provisional responses may not be blocked where the sender has required reliable provisional responses (SIP 100rel).

•Dropping responses where 100_rel is required is not recommended. It may prevent call setup since RFC3262 states subsequent responses should not be sent.

---

Note A call attempted with the ''Required: 100Rel'' header in the INVITE will fail when the adjacency is configured with a header profile to drop 183 messages.

---

This section contains the following topics:

•Configuring Provisional Response Filtering

•Applying Provisional Response Filtering

Provisional Response Filtering Information

Provisional response filtering is achieved by the use of the action drop-msg command. The action must be associated with the wildcard header action *. A condition should be added to match on the specific response code that must be dropped.

---

Note The header action * can only be used one time in a profile.

---

Configuring Provisional Response Filtering

1. configure terminal

2. sbc service-name

3. sbe

4. sip header-profile profile-name

5. header *

6. action drop-msg

7. condition status-code

8. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the submode for configuring the header profile. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip header-profile profile-name Example: Router(config-sbc-sbe)# sip header-profile profile1	Configures a header profile. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies which do not have a specific profile configured.
Step 5	header * Example: Router(config-sbc-sbe-sip-hdr)# header *	Configures a profile to be a blacklist. The no form of this command configures the profile to be a whitelist. Note By default, profiles are whitelists. Note In order to filter provisional responses always use the asterisk (*) as the header name with the header command as shown in the command example.
Step 6	action drop-msg Example: Router(config-sbc-sbe-sip-hdr-ele)# action drop-msg	Configures the action to take on an element type in a header.
Step 7	condition status-code Example: Router(config-sbc-sbe-sip-hdr-ele-act)# condition status-code eq 183	Specifies a condition to match before taking an action to a SIP message profile.
Step 8	end Example: Router(config-sbc-sbe-sip-hdr-ele-act)# end	Exits the mode and returns to Privileged EXEC mode.

Applying Provisional Response Filtering

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. header-profile inbound profile-name

6. end

7. show sbc service-name sbe sip header-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip sipGW	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	header-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# header-profile inbound profile1	Sets the inbound header profile.
Step 6	end Example: Router(config-sbc-sbe-adj-sip)# end	Exits the SBE SIP adjacency mode and returns to Privileged EXEC mode.
Step 7	show sbc service-name sbe sip header-profile name Example: Router# show sbc service-name sbe sip header-profile name	Shows details of the specified SIP header profile.

Parameter Profiles

Parameter profiles allow you to specify specific URI parameter names and allow the removal, replacement, or the addition of specific non-vital URI parameters within certain headers.

The header-profile allows potential conditional matching against SIP URI parameters forming part of a limited set of headers. It only allows complete replacement of the header and or content.

The parameter-profile will allow actions to be performed only on the SIP URI parameters and not header parameters

This section contains the following topics:

•Restrictions for Configuring Parameter Profiles

•Information About Parameter Profiles

•Configuring Parameter Profiles

•Applying a Parameter Profile to a Header Profile

Restrictions for Configuring Parameter Profiles

Review the following restrictions for parameter profiles:

•A parameter profile is only permitted to act on parameters associated with SIP URIs and not header parameters.

•To prevent call processing failures, actions cannot be performed against vital (essential) parameters.

•Parameter profiles work only on the outbound side.

•Some existing adjacency settings may impact the way parameter actions are affected.For example, consider the adjacency setting vpssAdjRewriteToHdr set by as follows:

	sbc test

  		sbe

    			adjacency sip <adj name>

       				passthrough [to/from]

This setting can cause the To: and or From: headers to be passed from inbound to outbound side.

The default setting on an adjacency, however, is FALSE (no "passthrough [to/From]" appears in the show run against the adjacency)' which means that the To: and From: headers are effectively always re-written on the outbound side by default. The impact of this is that parameter-profiles actions applied to the inbound sides To: and/or From: headers will be lost on the outbound side unless `passthrough [to/from]' is set in the configuration. Thus the action add-not-present can look like it always adds a parameter on the outbound side, even when the parameter is present on the in-bound side.

•If a parameter-profile adds a parameter to the request-line, and the To: header does not have setting `passthrough to' set against the adjacency, then the re-writing of the To: header which is typically based on the Request-Line, will cause the parameter to also appear in the To: header.

•The content of the Request-line may affect the behavior of parameter-profiles attached to method-profiles. If the request-line that arrives on the in-bound side of the call directly addresses the address of Cisco Unified Border Element (SP Edition), then effectively any call that originates on the out-bound side requires a new Request-Line to be generated. This means that parameters arriving on the in-bound side are effectively lost and can cause the action add-not-present to look like it always adds a parameter.

If however, the Request-Line address the final destination, then the Request-Line is effectively passed across to the outbound side and modified as needed. Parameters in this case are visible on the out-bound side.

Information About Parameter Profiles

Parameter-profiles form a set of actions that can be performed against any one header or request-line.

Parameter-profiles can only be specified against the following parts of the message:

•Request URI

•To

•From

•Contact

To modify parameters in Contact, To, or From headers, associate a parameter-profile in the header-profile.

To modify parameters in the request-line, associate a parameter-profile with a method-profile.

---

Note Parameter-profiles can be associated with essential methods even though method-profiles are not allowed to blacklist/whitelist essential methods.

---

Configuring Parameter Profiles

Perform this task to configure parameter profiles.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. sip parameter-profile {profile-name}

5. parameter {parameter name}

6. action {add-not-present| add-or-replace | strip}

7. end

8. show sbc sbc-name sbe sip-parameter-profile [profile name]

9. show sbc sbc name sbe sip essential-parameters

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip parameter-profile {profile-name} Example: Router(config-sbc-sbe)# sip parameter-profile parmprof1	Configures a parameter profile and enters SBE SIP header configuration mode.
Step 5	parameter {parameter name} Example: Router(config-sbc-sbe-sip-prm)# parameter user	Adds a parameter with a specified name to the parameter profile.
Step 6	action {add-not-present| add-or-replace | strip} Example: Router(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone	Specifies the action to be performed on the parameter.
Step 7	end Example: Router(config-sbc-sbe-sip-prm-ele)# end	Exits the SBE parameter profile parameter configuration mode and returns to Privileged EXEC mode.
Step 8	show sbc sbc-name sbe sip-parameter-profile [profile name] Example: Router# show sbc mysbc sbe sip parameter-profile profile1	Displays details for the parameter profile with the designated name. Use the name default to view the default profile.
Step 9	show sbc sbc name sbe sip essential-headers Example: Router# show sbc mysbc sbe sip essential-headers	Displays a list of the essential headers.

Applying a Parameter Profile to a Header Profile

Perform this task to apply parameter profiles to a header profile.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. sip header-profile header-profile-name

5. header header-name

6. parameter-profile parameter-profile-name

7. end

8. show sbc sbc-name sbe sip header-profile {profile-name}

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the configuration mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the configuration mode of the signaling border element (SBE) function of the SBC.
Step 4	sip header-profile header-profile-name Example: Router(config-sbc-sbe-sip)# header-profile profile1	Enters the configuration mode for a header profile.
Step 5	header header-name Example: Router(config-sbc-sbe-sip-hdr)# header P-Asserted-Identity	Enters the header subcommand mode, where you specify the header type to match.
Step 6	parameter-profile parameter-profile-name Example: Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1	Configures the parameter profile to apply when the header type is matched.
Step 7	end Example: Router(config-sbc-sbe-sip-hdr-ele)# end	Exits the SIP header profile header configuration mode and returns to Privileged EXEC mode.
Step 8	show sbc sbc-name sbe sip header-profile name Example: Router# show sbc sbc-name sbe sip header-profile name	Displays the header profile information.

Associating with an Adjacency

Perform the following steps to associate a header profile with an adjacency.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. adjacency sip adjacency-name

5. header-profile inbound profile-name

6. end

7. show sbc service-name sbe sip header-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enables global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	adjacency sip adjacency-name Example: Router(config-sbc-sbe)# adjacency sip sipGW	Enters the mode of an SBE SIP adjacency. Use the adjacency-name argument to define the name of the service.
Step 5	header-profile inbound profile-name Example: Router(config-sbc-sbe-adj-sip)# header-profile inbound profile1	Sets profile1 to be used for inbound signaling on adjacency sipGW.
Step 6	end Example: Router(config-sbc-sbe-sip-hdr-prf)# end	Exits the header profile mode and returns to Privileged EXEC mode.
Step 7	show sbc sbc-name sbe sip header-profile name Example: Router# show sbc sbc-name sbe sip header-profile name	Displays the header profile information.

Ability to Insert Firewall Parameter in SIP Contact Header

This feature enables Cisco Unified Border Element (SP Edition) to insert the calling party's network information (IP address) into SIP headers.

You can use this feature to insert the public IP address for user equipment (UE) that is behind the Network Address Translation (NAT) devices into the SIP contact header as a "firewall" parameter. Inserting a firewall parameter in the header is needed because public IP address information in SIP messages is required in order to properly charge the related parties.

A sample modified contact header in SIP message is the following:

Contact:<sip:ea7cf5084c04f49e77644dbe53fd5f1d@10.140.90.6;transport=udp;firewall=10.0.48.41>;Expires=600

See "Ability to Insert Firewall Parameter in SIP Contact Header Examples" section for examples on inserting IP address information into SIP contact headers.

Configuring Ability to Insert Firewall Parameter in SIP Contact Header

Perform these tasks to configure this feature.

SUMMARY STEPS

1. configure terminal

2. sbc service-name

3. sbe

4. sip parameter-profile profile-name

5. parameter {parameter name}

6. action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip}

7. exit

8. sip parameter-profile profile-name

9. parameter {parameter name}

10. action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip}

11. exit

12. sip header-profile profile-name

13. action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip}

14. exit

15. header header-name

16. entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip] | parameter-profile name}

17. parameter-profile name

18. sip header-profile profile-name

19. header header-name

20. entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip] | parameter-profile name}

21. parameter-profile name

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 2	sbc service-name Example: Router(config)# sbc mysbc	Enters the configuration mode of an SBC service. Use the service-name argument to define the name of the service.
Step 3	sbe Example: Router(config-sbc)# sbe	Enters the configuration mode of the signaling border element (SBE) function of the SBC.
Step 4	sip parameter-profile {profile-name} Example: Router(config-sbc-sbe)# sip parameter-profile proxy-param	Configures a parameter profile and enters SBE SIP header configuration mode.
Step 5	parameter {parameter name} Example: Router(config-sbc-sbe-sip-prm)# parameter firewall	Adds a parameter with a specified name to the parameter profile and enters SIP parameter profile parameter configuration mode.
Step 6	action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip} Example: Router(config-sbc-sbe-sip-prm-ele)# action-strip	Configures the action to take on a parameter.
Step 7	exit Example: Router(config-sbc-sbe-sip-prm-ele)# exit	Exits SBE parameter profile parameter configuration mode and enters SBE configuration mode.
Step 8	sip parameter-profile {profile-name} Example: Router(config-sbc-sbe)# sip parameter-profile access-param	Configures a parameter profile. Enters into SIP parameter-profile configuration mode.
Step 9	parameter {parameter name} Example: Router(config-sbc-sbe-sip-prm)# parameter firewall	Adds a parameter with a specified name to the parameter profile. Enters SIP parameter profile configuration mode.
Step 10	action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip} Example: Router(config-sbc-sbe-sip-hdr-ele)# action add-or-replace value public-ip-address	Configures the action to take on a parameter.
Step 11	exit Example: Router(config-sbc-sbe-sip-hdr-ele)# exit	Exits to SBE configuration mode.
Step 12	sip header-profile profile-name Example: Router(config-sbc-sbe)# sip header-profile proxy	Configures a header profile. Enters SIP header profile header configuration mode. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies which do not have a specific profile configured.
Step 13	action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}| add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip} Example: Router(config-sbc-sbe-sip-hdr-ele)# action add-or-replace value public-ip-address	Configures the action to take on a parameter.
Step 14	exit Example: Router(config-sbc-sbe-sip-hdr-ele)# exit	Exits SBE header profile header configuration mode and enters into SIP header configuration mode.
Step 15	header name Example: Router(config-sbc-sbe-sip-hdr)# header test1	Configures the profile to contain the header test1. Enters SIP header profile header configuration mode.
Step 16	entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip] | parameter-profile name} Example: Router(config-sbc-sbe-sip-hdr-ele)# entry 1	Configures an entry in a profile.
Step 17	parameter-profile parameter-profile-name Example: Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile proxy-param	Configures the parameter profile to apply when the header type is matched.
Step 18	sip header-profile profile-name Example: Router(config-sbc-sbe)# sip header-profile test1	Configures a header profile. Enters SIP header configuration mode. If you enter the profile-name default, the default profile is configured. This profile is used for all adjacencies which do not have a specific profile configured.
Step 19	header name Example: Router(config-sbc-sbe-sip-hdr)# header test1	Configures the profile to contain the header test1. Enters SBE header profile header configuration mode.
Step 20	entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip] | parameter-profile name} Example: Router(config-sbc-sbe-sip-hdr-ele)# entry 1 action as-profile	Configures an entry in a profile.
Step 21	parameter-profile parameter-profile-name Example: Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile access-param	Configures the parameter profile to apply when the header type is matched.

Configuration Examples for SIP Profiles

This section contains the following:

•Method-Profile Examples

•Applying Method-Profiles Example

•Associating Predefined Header Profiles Example

•Associating Predefined Parameter Profiles Example

•Associating Response Code Mapping Example

•Configuring Header Profiles Example

•Applying Header Profiles Example

•Header Manipulation Examples

•Response Filtering Example

•Parameter Profile Examples

•Example—P-KT-UE-IP Header Support

•Ability to Insert Firewall Parameter in SIP Contact Header Examples

Method-Profile Examples

The following example shows the commands and output generated when you configure method-profiles.

Router# conf t

Router(config)# sbc umsbc-node3 

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip method-profile test1   ==> Configures new method profile

                                                       with name test1

Router(config-sbc-sbe-sip-mth)# method abcd ==> Adds a method abcd to method profile test1

                                                by default, abcd is whitelisted if applied

                                                to the adjacency

Router(config-sbc-sbe-sip-mth)# blacklist    ==> Blacklists abcd and allow methods other

                                                 than abcd on the adjacency

Router:Nov 13 17:43:11.124 : config[65761]: %MGBL-CONFIG-6-DB_COMMIT : Configuration 
committed by user 'username'. Use 'show configuration commit changes 1000000296' to view 
the changes. 

Router(config-sbc-sbe-sip-mth)# end

Router:Nov 13 17:43:14.866 : config[65761]: %MGBL-SYS-5-CONFIG_I : Configured from console 
by username 

This example shows the output for all method-profiles.

This command describes the available method-profiles which can be used by the adjacencies. By default, the "default" method-profile is configured implicitly and applied to both inbound and outbound directions of all the adjacencies. The default method profile is always active unless it is overwritten by a user-configured method-profile. "In use" explains whether the method-profile is used by any adjacency or not. When the value is Yes, the "default" method-profile is applied to all the adjacencies and is in use. However "test1" has been configured, but not applied to any of the adjacencies. Once you apply the test1 method-profile to any adjacency, test1 shows Yes in the "In use" field.

Router# show sbc test sbe sip method-profile

Method profiles for SBC service "test"

  Name                          In use

  ====================================

  test                           No

  mprof1                         No

  default                        Yes

  preset-acc-in-mth              No

  preset-std-in-mth              No

  preset-acc-out-mth             No

  preset-core-in-mth             No

  preset-std-out-mth             No

  preset-core-out-mth            No

  preset-ipsec-in-mth            No

  preset-ipsec-out-mth           No

  preset-ibcf-ext-in-mth         No

  preset-ibcf-int-in-mth         No

  preset-ibcf-utr-in-mth         No

  preset-ibcf-int-in-mth         No

  preset-ibcf-utr-in-mth         No

  preset-ibcf-ext-out-mth        No

  preset-ibcf-int-out-mth        No

  preset-ibcf-utr-out-mth        No

This example shows the output for the method-profiles test.

Router# show sbc test sbe sip method-profile test

  Method profile "test"

    Description: 

    Type:    Whitelist

    Methods:

      INVITE

        action as-profile

        map-status-code

          range 50X value 500

          range 60X value 600

       Not in use with any adjacencies

Router#

Applying Method-Profiles Example

The following examples show the commands and output generated when you are applying a method-profile to Cisco Unified Border Element (SP Edition).

The method-profile inbound test1 command applies method-profile "test1" on the inbound direction. It means that for all incoming messages, check for the method type "abcd." If the "abcd" method arrives, blacklist it and generate error code 405 Method Not Allowed. All other methods are allowed.

Router# conf t

Router(config)# sbc umsbc-node3 

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip sipp-10

Router(config-sbc-sbe-adj-sip)# method-profile inbound test1

Router:Nov 13 17:44:28.609 : config[65761]: %MGBL-CONFIG-6-DB_COMMIT : Configuration 
committed by user 'username'. Use 'show configuration commit changes 1000000297' to view 
the changes. 

Router(config-sbc-sbe-adj-sip)# end

Router:Nov 13 17:44:31.637 : config[65761]: %MGBL-SYS-5-CONFIG_I : Configured from console 
by username 

Router# show sbc umsbc-node3 sbe sip method-profile

Method profiles for SBC service "umsbc-node3"

  Name                          In use

  ====================================

  test1                          Yes

  testb                          No

Router# show sbc umsbc-node3 sbe sip method-profile test1

  Method profile "test1"

    Type:    Blacklist

    Methods:

      abcd

    In use by:

       Adjacency: sipp-10 (in)

Associating Predefined Header Profiles Example

This example shows how to ensure that the parameter myparm=myvalue is added to the request-line of an INVITE:

First, configure a parameter-profile for myparm:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip parameter-profile parmprof1

Router(config-sbc-sbe-sip-prm)# parameter myparm

Router(config-sbc-sbe-sip-prm-ele)# action add-not-present value myvalue

Then configure and associate with a method-profile:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip method-profile mthdprof1

Router(config-sbc-sbe-sip-mth)# method INVITE

Router(config-sbc-sbe-sip-prm-ele)# parameter-profile parmprof1

Finally, associate with an adjacency

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone;myparm=myvalue SIP/2.0

Associating Predefined Parameter Profiles Example

The following example shows how to ensure P-Asserted-Identity is always passed in an INVITE if it contains user=phone.

First, configure a header profile which references a P-Asserted-Identity header:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile hdrprof1

Router(config-sbc-sbe-sip-hdr)# header P-Asserted-Identity

Router(config-sbc-sbe-sip-hdr-ele)# action pass

Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-value contains user=phone 

Then create and associate the header profile with a method-profile:

Router(config-sbc-sbe)# sip method-profile mthdprof1

Router(config-sbc-sbe-sip-mth)# method INVITE

Router(config-sbc-sbe-sip-prm-ele)# header-profile hdrprof1

Finally, associate with an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>

Associating Response Code Mapping Example

The following example shows how to create a status-code map so that all 5XX responses to an INVITE are mapped to 500.

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip method-profile mthdprof1

Router(config-sbc-sbe-sip-mth)# method INVITE

Router(config-sbc-sbe-sip-mth-ele)# map-status-code 

Router(config-sbc-sbe-sip-mth-ele-map)# range 5XX value 500

Finally, associate with an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof

At the inbound side:

SIP/2.0 501 Not Implemented

At the outbound side:

SIP/2.0 500 Internal Server Error

Configuring Header Profiles Example

The following example shows the commands and output generated when you configure the header profiles.

Router(config)# sbc umsbc-node3 sbe

Router(config-sbc-sbe)# sip header-profile EXAMPLE

Router(config-sbc-sbe-sip-hdr)# blacklist  

Router(config-sbc-sbe-sip-hdr)# header abcd

Router# show sbc sbc4 sbe sip header-profile EXAMPLE

  Header profile EXAMPLE

    Type:    Whitelist

    Headers:                          

      Cisco-Guid

        Entry 1:

          action add-first-header

      User-Agent:

        Entry 1:

          action as-profile 

      Remote-Party-ID

        Entry 1:

          action strip 

            condition header-value contains user=phone

        Entry 2:

          parameter-profile adduser

      P-Asserted-Identity

        Entry 1:

          action strip 

            condition header-value contains user=phone

      Organisation

        Entry 1:

          action replace-value value Cisco-Systems

            condition header-value contains MCI

    In use by:

       Adjacency: callgen100sip (in, out)

Applying Header Profiles Example

The following example shows the commands and output generated when you are applying a header profile to Cisco Unified Border Element (SP Edition).

Router# config t

Router(config)# sbc umsbc-node3 sbe

Router(config-sbc-sbe)# adjacency sip sipp-10

Router(config-sbc-sbe-adj-sip)# header-profile inbound test1

Router(config-sbc-sbe-adj-sip)# header-profile outbound test1

Router# show sbc umsbc-node3 sbe sip header-profile test1

  Header profile "test1"

    Type:    Blacklist

    Headers:

      abcd

    In use by:

       Adjacency: sipp-10 (in, out)

show running-config

sbc umsbc-node3

 sbe

  activate

sip header-profile test1

   blacklist

   header abcd

  !

  adjacency sip sipp-10

   header-profile inbound test1

   header-profile outbound test1

   signaling-address ipv4 88.88.109.8

   signaling-port 5060

   remote-address ipv4 10.10.105.222 255.255.255.255

   security trusted-encrypted

   signaling-peer 10.10.105.222

   signaling-peer-port 5060

   account sip-customer

Header Manipulation Examples

Example—Removing P-Asserted-Identity Header

The following example shows how to remove the header in any message if the header P-Asserted-Identity contains user=phone.

First, access the header:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header P-Asserted-Identity

Router(config-sbc-sbe-hdr-ele)# action strip

Router(config-sbc-sbe-hdr-ele-act)# condition header-value contains user=phone

Next, associate the header with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>

At the outbound side:

No P-Asserted-Identity header present

Add this condition in addition to a previous existing condition:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header P-Asserted-Identity

Router(config-sbc-sbe-hdr-ele)# entry 2

Router(config-sbc-sbe-hdr-ele)# action strip

Router(config-sbc-sbe-hdr-ele-act)# condition header-value contains user=phone

Finally, associate the header profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>

At the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

<No P-Asserted-Identity header present>

Example—Removing Header Based on Condition in Another Header

The next example shows how to remove a header based on a condition in another header in the message. First, strip the P-Asserted-Identity header, but only if Call-Info: contains "telephone-event."

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header P-Asserted-Identity

Router(config-sbc-sbe-hdr-ele)# action strip

Router(config-sbc-sbe-hdr-ele-act)# condition header-name Call-Info header-value contains 
telephone-event

Then associate the headerprofile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>

...

Call-Info:  <sip:8985@10.131.132.6>;method="NOTIFY;Event=telephone-event;Duration=1000"

The result at the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

<No P-Asserted-Identity header present>

Example—Removing Organization Header from All Reponses

The next example removes an Organization header from all Responses:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Organization

Router(config-sbc-sbe-hdr-ele)# action strip

Router(config-sbc-sbe-hdr-ele-act)# condition status-code eq 200

Associate the header-profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

SIP/2.0 200 OK  

...                                                                                  
Allow: INVITE,ACK,PRACK,SUBSCRIBE,BYE,CANCEL,NOTIFY,INFO,REFER,UPDATE                        

At the outbound side:

SIP/2.0 200 OK 

... 

<No allow header present>

Example—Transforming a Header into Another Header

This example transforms one header into another header (Diversion into Hist-Info).

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Diversion

Router(config-sbc-sbe-hdr-ele)# action replace-name value Hist-Info

Associate the header-profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

Diversion: <sip:1234567@cisco.com>;reason=unconditional;counter=1;privacy=off

At the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

Hist-Info: <sip:1234567@cisco.com>;reason=unconditional;counter=1;privacy=off

Example—Outgoing Messages Contain a Specific Header

This example ensures all outgoing messages contain a specific header (Organization: Cisco.com).

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Organization

Router(config-sbc-sbe-hdr-ele)# action add-first-header value cisco.com

Associate the header-profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

<no Organization header present>

At the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

Organization: cisco.com

Example—Blacklisting a Header

This example blacklists a header (all instances are removed for any method/response).

---

Note This can only be performed against a header-profile type of blacklist

---

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr-ele)# blacklist

Router(config-sbc-sbe-sip-hdr)# header Organization 

Or:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe-hdr)# sip header-profile headprof1

Router(config-sbc-sbe-hdr-ele)# blacklist

Router(config-sbc-sbe-sip-hdr)# header Organization

Router(config-sbc-sbe-sip-hdr)# action as-profile

Associate the header-profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

Organization: cisco.com

At the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

<no Organization: header present>

Example—Whitelisting a Header

This example whitelists a header (pass in all methods/responses).

---

Note This can only be specified against a whitelist type of profile which is a default profile and same as "no blacklist."

---

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Organization 

Or:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Organization

Router(config-sbc-sbe-hdr-ele)# action as-profile

Associate the header-profile with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

...

Organization: cisco.com

At the outbound side:

INVITE sip:1234567@cisco,com;user=phone SIP/2.0

... 

Organization: cisco.com 

Example—Passing a Date Header

This example passes a header (Date) conditionally in a 200 response.

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-hdr)# header Date

Router(config-sbc-sbe-hdr-ele)# action pass

Router(config-sbc-sbe-hdr-ele-act)# condition status-code eq 200

Associate with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

Ensure no other responses contain a Date: header

SIP/2.0 200 OK

...

Date: Mon, 01 Jan 2008 GMT

At the outbound side:-

SIP/2.0 200 OK

...

Date: Mon, 01 Jan 2008 GMT

Also try all responses containing a Date: header and ensure the 200 OK only contains one 

Example—Stripping Organization Headers in INVITE

This example strips all 'Organization' headers in an INVITE. To do this, a header-profile is created and then associated it with a method-profile.

---

Note Header-profiles can be associated with vital (essential) methods.

---

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headerprof1

Router(config-sbc-sbe-hdr)# blacklist

Router(config-sbc-sbe-hdr-ele)# header Organization 

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe) sip method-profile methodprof1

Router(config-sbc-sbe-sip-mth) blacklist

Router(config-sbc-sbe-sip-mth) method INVITE

Router(config-sbc-sbe-sip-mth-ele) header-profile headerprof1

Associate with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# method-profile outbound methodprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

Organization: cisco.com

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

<no Organization: header present>

Example—Applying Parameter Profile

This example applies a parameter profile to add user=phone into the request-line of an INVITE.

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip parameter-profile test

Router(config-sbc-sbe-sip-prm)# parameter user

Router(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone

Associate with a method-profile:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe) sip method-profile test

Router(config-sbc-sbe-sip-mth) method INVITE

Router(config-sbc-sbe-sip-mth-ele) parameter-profile test

Associate with an adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# method-profile inbound headprof1

At the inbound side:

INVITE sip:1234567@cisco.com SIP/2.0

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

Example—Converting Remote-Party-ID or P-Preferred-Identity

This example converts Remote-Party-ID or From into P-Preferred-Identity. If the message is a request and Remote-Party-ID is present then it stores the username into a variable username. If the From header contains a sip: URI or Tel: URI, and Remote-Part-ID was not present then it stores the username into the variable username. Strips all P-Preferred-Identity, Remote-Party-ID's and P-Preferred-Identity headers and inserts a single P-Preferred-Identity header containing the stored username and a Privacy header based on info received:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# store-rule entry 1

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the RPID username in $username"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name Remote-Party-ID 
header-value extract user store-as username

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 2

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the privacy parameter in 
$rpid-privacy"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name Remote-Party-ID 
header-value extract parameter privacy store-as rpid_privacy

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 3

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the From sip uri in $username"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable username is-defined eq 
false

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name From header-uri 
is-sip-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name From header-uri 
sip-uri-user store-as  username

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 4

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the From tel uri in $username"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable username is-defined eq 
false

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name From header-uri 
is-tel-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name From header-uri 
tel-uri-user store-as username

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 5

Router(config-sbc-sbe-sip-hdr)# description "convert RPID param into Privacy header value"

Router(config-sbc-sbe-sip-hdr)# condition variable rpid_privacy is-defined eq true

Router(config-sbc-sbe-sip-hdr)# condition and variable rpid_privacy eq "off"

Router(config-sbc-sbe-sip-hdr)# condition and "none" store-as privacy

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 6

Router(config-sbc-sbe-sip-hdr-ele-act)# description "convert RPID param into Privacy 
header value"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable rpid_privacy is-defined eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable rpid_privacy eq "id" 

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and "user" store-as privacy

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# header P-Preferred-Identity entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header P-Preferred-Identity entry 2

Router(config-sbc-sbe-sip-hdr-ele)# action add-first-header value 
"<sip:${username}@mydomain.com;user=phone>"

Router(config-sbc-sbe-sip-hdr-ele-act)# description "create a P-Preferred-Identity header"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable username is-defined eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header P-Asserted-Identity entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header Remote-Party-ID entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header Privacy entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header Privacy entry 2

Router(config-sbc-sbe-sip-hdr-ele)# action add-first-header value "${privacy}"

Router(config-sbc-sbe-sip-hdr-ele-act)# description "create a privacy header if we have 
privacy info"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable privacy is-defined eq true

Associate with an inbound adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile inbound headprof1

Example—Using Directory Number Prefix to Set Privacy

This example shows how to use a directory number prefix to set privacy:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# store-rule entry 1

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the called party number from 
To"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name To is-tel-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name To tel-uri-user store-as 
called-dn

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 2

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the called party number from 
To"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name To is-sip-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and header-name To sip-uri-user store-as 
called-dn

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 3

Router(config-sbc-sbe-sip-hdr-ele-act)# description "set $privacy based on DN"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable privacy is-defined eq false

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable called_dn is-defined eq 
true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable called_dn regex-match 
"^184"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and "none" store-as privacy

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# store-rule entry 4

Router(config-sbc-sbe-sip-hdr-ele-act)# description "set $privacy based on DN"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable privacy is-defined eq false

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable called_dn is-defined eq 
true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable called_dn regex-match 
"^186"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and "user" store-as privacy

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# header Privacy entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header Privacy entry 2

Router(config-sbc-sbe-sip-hdr-ele)# action add-first-header value "${privacy}"

Router(config-sbc-sbe-sip-hdr-ele-act)# description "create a privacy header if we have 
privacy info"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable privacy is-defined eq true

Associate with an inbound adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile inbound headprof1

Example—Stripping P-Called-Party-Identity

This example shows how to strip the P-Called-Party-Identity and modify the To: header based on its content:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# store-rule entry 1

Router(config-sbc-sbe-sip-hdr-ele-act)# description "store the P-Called-Party-Identity"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition header-name P-Called-Party-Identity 
header-value store-as pcpid

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# header P-Called-Party-Identity entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action strip

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header To entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action replace-value value "${pcpid}"

Router(config-sbc-sbe-sip-hdr-ele-act)# description "replace the To value"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable pcpid is-defined eq true

Associate with an outbound adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

Example—Replacing Outbound Request-line

This example shows how to replace the outbound request-line with host 172.1.1.1 if user = begins with 1234:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# store-rule entry 1

Router(config-sbc-sbe-sip-hdr-ele-act)# condition request-uri is-sip-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and request-uri sip-uri-user store-as 
user

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr)# request-line entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action replace-value value "sip:${user}@172.1.1.1"

Router(config-sbc-sbe-sip-hdr-ele-act)# description "convert RPID param into Privacy 
header value"

Router(config-sbc-sbe-sip-hdr-ele-act)# condition is-request eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and request-uri is-sip-uri eq true

Router(config-sbc-sbe-sip-hdr-ele-act)# condition and request-uri sip-uri-user regex-match 
"^1234"

Associate with an outbound adjacency:

Router# configure terminal

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

Example—P-KT-UE-IP Header Support

The P-KT-UE-IP header is a type of private header that is supported as a type of SIP header manipulation. The examples in this section show how to remove any existing P-KT-UE-IP headers from all received messages and then replace them with a single P-KT-UE-IP header for INVITE and OOD requests. In the examples, the call is placed from adj1 to adj2.

The following shows how to configure a header profile with two entries. The first entry strips the "P-KT-UE-IP" header and the second entry adds the "P-KT-UE-IP" with a value set to the 18-character string ${msg.rmt_ip_addr}.

Router(config-sbc-sbe)# sip header-profile kt

Router(config-sbc-sbe-sip-hdr)# store-rule entry 1

Router(config-sbc-sbe-sip-hdr-ele)# condition adjacency signaling-peer store-as address

Router(config-sbc-sbe-sip-hdr-ele)# exit

Router(config-sbc-sbe-sip-hdr)# header P-KT-UE-IP

Router(config-sbc-sbe-sip-hdr-ele)# entry 1 action strip 

Router(config-sbc-sbe-sip-hdr-ele-act)# exit

Router(config-sbc-sbe-sip-hdr-ele)# entry 2 action add-header value "${address}"

The following applies the above header profile to the incoming adjacency as an inbound header profile.

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-adj-sip)# header-profile inbound kt

The following configures a header profile to allow passthrough of the "P-KT-UE-IP" header.

Router(config-sbc-sbe)# sip header-profile kt-pass

Router(config-sbc-sbe-sip-hdr)# header P-KT-UE-IP

Router(config-sbc-sbe-sip-hdr-ele)# action pass

The following applies the above header profile to the outgoing adjacency as an outbound header profile.

Router(config-sbc-sbe)# adjacency sip adj2

Router(config-sbc-sbe-adj-sip)# header-profile outbound kt-pass

Response Filtering Example

The following example drops SIP 183 provisional responses from a header profile based on matching the header * associated with inbound and outbound adjacencies.

First, create a header profile headprof1 to match on header * and drop the message:

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1 

Router(config-sbc-sbe-hdr)# header * 

Router(config-sbc-sbe-hdr-ele)# action drop-msg 

Router(config-sbc-sbehdr-ele-act)# condition status-code eq 183

Asssociate the profile headprof1 to the inbound side of an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adjacencyA 

Router(config-sbc-sbe-adj-sip)# header-profile inbound headerprof1

Associate the profile headprof1 to the inbound and outbound sides of another adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe 

Router(config-sbc-sbe)# adjacency sip adjacencyB 

Router(config-sbc-sbe-adj-sip)# header-profile inbound headerprof1

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adjacencyB 

Router(config-sbc-sbe-adj-sip)# header-profile outbound headerprof1

Parameter Profile Examples

This example shows how to add a user=phone parameter into the To: header if one has not already been specified in a header.

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip parameter-profile parmprof1

Router(config-sbc-sbe-sip-prm)# parameter user

Router(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone

Now add to a header profile:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# header To

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1

Now associate with an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com>;tag=1234;

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=phone>;tag=1234

This example removes the 'user' parameter ('user=phone','user=fax' ...) from the To: header.

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip parameter-profile parmprof1

Router(config-sbc-sbe-sip-prm)# parameter user

Router(config-sbc-sbe-sip-prm-ele)# action strip

Add to a header profile:

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# header To

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1

Finally, associate with an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=phone;tag=1234;

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com>;tag=1234

This example shows how to replace 'user=phone' parameter with user=fax or to add user=fax if a user parameter is not present in the header.

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip parameter-profile parmprof1

Router(config-sbc-sbe-sip-prm)# parameter user

Router(config-sbc-sbe-sip-prm-ele)# action add-or-replace value fax

Add to a header profile:

Router# configure

Router(config)# sbc test

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# header To

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1

Finally, associate with an adjacency:

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=phone;tag=1234;

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=fax>;tag=1234 

Or:

At the inbound side:-

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;tag=1234;

At the outbound side:-

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=fax>;tag=1234 

The next example adds 'user=phone' parameter if it is not already present in the header.

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip parameter-profile parmprof1

Router(config-sbc-sbe-sip-prm)# parameter user

Router(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone

Add parameter-profile to a header profile:

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# sip header-profile headprof1

Router(config-sbc-sbe-sip-hdr)# header To

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1

Finally, associate with an adjacency

Router# configure

Router(config)# sbc test

Router(config-sbc) sbe

Router(config-sbc-sbe)# adjacency sip adj1

Router(config-sbc-sbe-sip)# header-profile outbound headprof1

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=fax;tag=1234;

At the outbound side:

No parameter added as a user parameter already exists

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com>;tag=1234 

Or:-

At the inbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;tag=1234;

At the outbound side:

INVITE sip:1234567@cisco.com;user=phone SIP/2.0

...

To: "rob" <sip:1234567@cisco.com;user=phone>;tag=1234 

Ability to Insert Firewall Parameter in SIP Contact Header Examples

This example adds a SIP parameter profile to remove or append the parameter called firewall:

Router(config-sbc-sbe)# sip parameter-profile proxy-param

Router(config-sbc-sbe-sip-prm)# parameter firewall

Router(config-sbc-sbe-sip-prm-ele)# action strip

Router(config-sbc-sbe-sip-prm-ele)# sip parameter-profile access-param

Router(config-sbc-sbe-sip-prm)# parameter firewall

Router(config-sbc-sbe-sip-prm-ele)# action add-or-replace value public-ip-address

This example adds a SIP header profile and associates the parameter profile with the header profile

Router(config-sbc-sbe-sip-prm-ele)# sip header-profile proxy

Router(config-sbc-sbe-sip-hdr)# header contact entry 1

Router(config-sbc-sbe-sip-hdr-ele)# action as-profile

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile proxy-param

Router(config-sbc-sbe-sip-hdr-ele)# sip header-profile access

Router(config-sbc-sbe-sip-hdr)# header contact

Router(config-sbc-sbe-sip-hdr-ele)# entry 1 action as-profile

Router(config-sbc-sbe-sip-hdr-ele)# parameter-profile access-param

This example adds a SIP header profile to a SIP adjacency:

adjacency sip sip-proxy

      header-profile inbound proxy

      header-profile outbound access

      adjacency sip sip-user

      header-profile inbound access

      header-profile outbound proxy