ASA H323 inspection

mj11
Level 3

Hi All

I am hoping someone is able to help me with the following; I have checked the Cisco site to no avail.

We have a requirement to disable H323 inspection on a set of access lists on the Cisco ASA firewall for a video conferencing solution; however, the firewall still needs to have it enabled as part of the default inspection policy.

Any help much appreciated.

Thanks MJ

3 Replies

Marvin Rhoads
Hall of Fame

Create a class-map with an access list match criterion that excludes the network addresses you don't want inspected, and then tell a policy map to inspect, using the H.323 inspection, the traffic that matches that class-map.

Apply to the appropriate interface with a service policy.

Hi Marvin

Thank you for the information. Given the dynamic nature of H323, does anyone know how the access list would look?

Thanks MJ

You could do something like the following:

access-list filter-list extended deny tcp 1.1.1.0 255.255.255.0 any eq h323

access-list filter-list extended deny udp 1.1.1.0 255.255.255.0 any range 1718 1719

access-list filter-list extended permit tcp any any eq h323

access-list filter-list extended permit udp any any range 1718 1719

Then apply it to the global policy map.

--
Please remember to select a correct answer and rate helpful posts
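
The steps from the replies above, put together as one configuration. This is an added example, not configuration posted by anyone in the thread. It assumes the ASA still has its default `global_policy` with both H.323 inspections under `inspection_default`; the class-map name `h323-filtered` is hypothetical.

```cisco
! ACL from the thread. When an ACL is used as a class-map match,
! "deny" means "do not classify this traffic into the class";
! it does not drop the traffic. Interface ACLs still decide what is allowed.
access-list filter-list extended deny tcp 1.1.1.0 255.255.255.0 any eq h323
access-list filter-list extended deny udp 1.1.1.0 255.255.255.0 any range 1718 1719
access-list filter-list extended permit tcp any any eq h323
access-list filter-list extended permit udp any any range 1718 1719
!
! Note: the deny entries only match connections sourced from 1.1.1.0/24.
! Calls initiated towards that network fall through to the permit entries
! and are still inspected unless mirrored deny entries are added.
!
! Class that matches H.323 traffic except the excluded network.
! (hypothetical name)
class-map h323-filtered
 match access-list filter-list
!
! Move H.323 inspection out of the catch-all default class and into
! the ACL-scoped class, leaving every other default inspection in place.
policy-map global_policy
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
 class h323-filtered
  inspect h323 h225
  inspect h323 ras
!
! Present by default; shown so the example is complete.
service-policy global_policy global
!
! Check the result: per-class inspection counters and the resulting policy.
! show service-policy
! show running-config policy-map
```

With inspection off for the excluded network, the ASA no longer opens the dynamically negotiated H.245 and RTP ports for those endpoints, so the interface access lists have to permit that traffic explicitly.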