I am hoping someone is able to help me with the following; I have checked the Cisco site to no avail.
We have a requirement to disable H323 inspection on a set of access-lists on the Cisco ASA firewall for a video conferencing solution; however, the firewall still needs to have it enabled as part of the default inspection policy.
Any help much appreciated.
Create a class-map with an access list match criterion that excludes the network addresses you don't want inspected, and then tell a policy map to inspect, using the H.323 inspection, the traffic that matches that class-map.
Apply to the appropriate interface with a service policy.
You could do something like the following:
access-list filter-list extended deny tcp 184.108.40.206 255.255.255.0 any eq h323
access-list filter-list extended deny udp 220.127.116.11 255.255.255.0 any range 1718 1719
access-list filter-list extended permit tcp any any eq h323
access-list filter-list extended permit udp any any range 1718 1719
Then apply it to the global policy map.
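One way the class-map and policy-map steps described above could look on the ASA, as an added example that is not part of the original posts. It assumes the factory-default global_policy and inspection_default names are still in place; h323-selective is a hypothetical class-map name, and filter-list is the ACL from the post above.

```cisco
! Added example. Assumes the default global_policy / inspection_default
! are unmodified. "h323-selective" is a hypothetical name.
!
! Class that matches only what the ACL permits. The deny entries in
! filter-list take the video conferencing sources out of this class.
class-map h323-selective
 match access-list filter-list
!
policy-map global_policy
 ! Remove H.323 from the catch-all class so it no longer inspects
 ! every H.225 / RAS flow regardless of source.
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
 ! Re-enable H.323 inspection for the ACL-selected traffic only.
 class h323-selective
  inspect h323 h225
  inspect h323 ras
!
! Present by default; re-enter only if it has been removed.
service-policy global_policy global
```

After applying, the per-class inspect counters in show service-policy and the hit counts in show access-list filter-list show whether the excluded sources are bypassing H.323 inspection while everything else is still inspected.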