07-11-2013 09:19 AM - edited 03-10-2019 12:04 AM
Hi, I trying to apply this to make sure only inspect h323 traffic in a single host (that's a Video Conference host), but don't works. Only works when I applied the inspect in the inspection_default class.
Here is the config:
access-list 100 extended permit ip host x.x.x.x any
access-list 100 extended permit ip any host x.x.x.x
class-map h223_VC
match access-list 100
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect ip-options
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect pptp
inspect icmp
inspect netbios
inspect icmp error
class h223_VC
inspect h323 h225
It´s possible? or is something wrong?
Thanks a lot for your help
07-12-2013 03:53 PM
Hi,
When you have it in the global policy you only H323 H225 or you also have H323 ras?
What do you see if you run this commands?
packet-tracer input
sho service-policy flow tcp host
How do you test it?
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
07-12-2013 04:10 PM
Hi Luis thanks for response,
No, only have h323 h225.
When Its applied in the inspection_default class, the video works in both directions, but when I remove it, and apply in a single class (with desire criteria), the video only works in one way. It's same result, when I remove the inspection from the inspection_default class.
Un saludo.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide