Re: ASA inspection_default Disable

Yun Ho Ko · ‎08-05-2020

Hello

I want to disable h323 h225 in the ASA firewall policy-map global_policy.

class-map inspection_default
match default-inspection-traffic

policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options

However, if you look at the attached file, h323 communication in Policy-map global_policy is matched in Class-map as shown above, so it is unlikely that h323 communication will be possible if you disable inspect h323.

If you disable inspect h323, does it affect H323 communication?

And will Disabe service-policy global_policy global affect other services?

Thank you

Mohammed al Baqari · ‎08-05-2020

Hi,

H323 communication will continue without the inspection. This inspection
will replace CUCM IP in H323 messages (SETUP, PROGRESS, etc) with ASA IPs.
If both parties can reach each other, you won't need the inspection and the
communication should work.

**** please remember to rate useful posts

Yun Ho Ko · ‎08-05-2020

Thank you for answer.

Let's apply it to Policy-map global_policy.

Thank you.