cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

455
Views
5
Helpful
2
Replies
Highlighted
Beginner

ASA inspection_default Disable

Hello

I want to disable h323 h225 in the ASA firewall policy-map global_policy.

 

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options

However, if you look at the attached file, h323 communication in Policy-map global_policy is matched in Class-map as shown above, so it is unlikely that h323 communication will be possible if you disable inspect h323.

 

If you disable inspect h323, does it affect H323 communication?

 

And will Disabe service-policy global_policy global affect other services?

 

Thank you

2 REPLIES 2
Highlighted
VIP Advisor

Hi,

H323 communication will continue without the inspection. This inspection
will replace CUCM IP in H323 messages (SETUP, PROGRESS, etc) with ASA IPs.
If both parties can reach each other, you won't need the inspection and the
communication should work.

**** please remember to rate useful posts
Highlighted

Thank you for answer.

Let's apply it to Policy-map global_policy.

Thank you.
Content for Community-Ad