https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345950#M344308 <P>Hi All</P><P></P><P>I am hoping someone is able to help me with the following, I have checked the Cisco site to no avail.</P><P></P><P><SPAN style="font-size: 10pt;"></SPAN></P><P>We have a requirement to disable H323 inspection on a set of access-list&nbsp; on the Cisco ASA firewall for a video conferencing solution however the firewall still needs to have it enabled as part of the default inspection policy.</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; "> </SPAN>Any help much appreciated.</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; ">Thanks MJ</SPAN></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; "> </SPAN></P><P></P> Tue, 12 Mar 2019 02:28:22 GMT mj11 2019-03-12T02:28:22Z https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345950#M344308 <P>Hi All</P><P></P><P>I am hoping someone is able to help me with the following, I have checked the Cisco site to no avail.</P><P></P><P><SPAN style="font-size: 10pt;"></SPAN></P><P>We have a requirement to disable H323 inspection on a set of access-list&nbsp; on the Cisco ASA firewall for a video conferencing solution however the firewall still needs to have it enabled as part of the default inspection policy.</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; "> </SPAN>Any help much appreciated.</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; ">Thanks MJ</SPAN></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt; "> </SPAN></P><P></P> Tue, 12 Mar 2019 02:28:22 GMT https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345950#M344308 mj11 2019-03-12T02:28:22Z https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345951#M344309 <HTML><HEAD></HEAD><BODY><P>Create a class-map with an access list match criterion that excludes the network addresses you don't want inspected and then tell a policy map to inspect using the H.323. inspection the traffic that matches that class-map. </P><P></P><P>Apply to the appropriate interface with a service policy.</P></BODY></HTML> Wed, 21 Aug 2013 04:13:20 GMT https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345951#M344309 Marvin Rhoads 2013-08-21T04:13:20Z https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345952#M344310 <HTML><HEAD></HEAD><BODY><P> Hi Marvin</P><P></P><P>Thank you for the information. The dynamic nature of the H323 does anyone know how the access list would look?</P><P></P><P>Thanks MJ</P></BODY></HTML> Fri, 23 Aug 2013 17:35:54 GMT https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345952#M344310 mj11 2013-08-23T17:35:54Z https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345953#M344311 <HTML><HEAD></HEAD><BODY><P>You could do something like the following:</P><P></P><P>access-list filter-list extended deny tcp 1.1.1.0 255.255.255.0 any eq h323</P><P>access-list filter-list extended deny udp 1.1.1.0 255.255.255.0 any range 1718 1719</P><P>access-list filter-list extended permit tcp any any eq h323</P><P>access-list filter-list extended permit udp any any range 1718 1719</P><P></P><P>Then apply it to the global policy map.</P></BODY></HTML> Fri, 23 Aug 2013 18:29:29 GMT https://community.cisco.com/t5/network-security/asa-h323-inspection/m-p/2345953#M344311 Marius Gunnerud 2013-08-23T18:29:29Z