What port number is the h323 literal using? The documentation is missing the entry for this, and it could be multiple different ports.
Or, is there any way to suppress the literal names and just get the original port numbers when doing a 'show access-list'?
See link for listing of all ports, do a search for h323 (there are a few): http://www.iana.org/assignments/port-numbers
If you ever think you are missing something, put a sniffer on and look at what's going on. Also, you can place at the end of your ACL "deny ip any any log" and look at your syslog or "show log" to see what you are blocking. If you find you are blocking something you want, change your ACL to allow it. If you're happy with your ACL, you can then remove the line.
And no I don't think you can change the names to just ports in an acl.
I've checked the IANA link already; it's a long-time favorite. And that's why I'm asking here, since the h323 literal could cover so many ports. I'm documenting a firewall config for a client, and I'm just trying to track down what specific port the h323 literal actually allows.
The port used for call setup (H.225.0 / Q.931) is TCP 1720. The called party return port is dynamic (i.e. >1026). The calling party then connects to this port and a series of messages are exchanged where the two parties agree on which end will be the master and what their mutual capabilities are. Also, they open the logical channels that are used for media transmission. These ports (UDP) are dynamically allocated. Data services (chat, whiteboard, etc.) are also set up during this phase. Again, port allocation is dynamic, but convention suggests that 1503 (TCP) is used.
There are other ports involved when a gatekeeper is used - 1718 and 1719 UDP.
Here is a list I found once:
port 1720/tcp H.323 call setup
dynamic/tcp H.323 call control
dynamic/udp H.323 streaming
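
Added example (not part of any post in this thread): a short Python script that combines the "deny ip any any log" suggestion with the port list above, grouping denied packets by the H.323 role of their destination port. It assumes Cisco ASA/PIX-style 106023 "Deny" syslog lines; the sample log lines, addresses and the access-group name are constructed for illustration.

```python
import re
from collections import Counter

# Port roles as stated in the thread above (protocol, destination port).
H323_ROLES = {
    ("tcp", 1720): "H.225.0/Q.931 call setup",
    ("udp", 1718): "gatekeeper",
    ("udp", 1719): "gatekeeper",
    ("tcp", 1503): "data services (by convention)",
}

# Assumption: ASA/PIX-style 106023 lines, "Deny <proto> src if:ip/port dst if:ip/port".
DENY_RE = re.compile(
    r"Deny (?P<proto>tcp|udp) src \S+?:[\d.]+/\d+ dst \S+?:[\d.]+/(?P<dport>\d+)"
)

def classify(proto, dport):
    """Map a denied destination port to the H.323 role described in the thread."""
    role = H323_ROLES.get((proto, dport))
    if role:
        return role
    if dport > 1026:  # the thread gives the dynamic range as >1026
        kind = "call control" if proto == "tcp" else "media"
        return "possible dynamic H.323 " + kind
    return "not H.323-related per the thread"

def summarize(lines):
    """Count denied packets per (protocol, destination port, role)."""
    counts = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            proto, dport = m["proto"], int(m["dport"])
            counts[(proto, dport, classify(proto, dport))] += 1
    return counts

# Constructed sample log (documentation addresses, hypothetical ACL name).
SAMPLE_LOG = [
    '%ASA-4-106023: Deny tcp src outside:192.0.2.10/40112 dst inside:10.0.0.5/1720 by access-group "outside_in"',
    '%ASA-4-106023: Deny tcp src outside:192.0.2.10/40113 dst inside:10.0.0.5/1720 by access-group "outside_in"',
    '%ASA-4-106023: Deny udp src outside:192.0.2.10/1719 dst inside:10.0.0.9/1719 by access-group "outside_in"',
    '%ASA-4-106023: Deny udp src outside:192.0.2.10/5004 dst inside:10.0.0.5/49170 by access-group "outside_in"',
    '%ASA-4-106023: Deny tcp src outside:198.51.100.7/51000 dst inside:10.0.0.5/23 by access-group "outside_in"',
]

if __name__ == "__main__":
    for (proto, dport, role), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {proto}/{dport:<5d}  {role}")
```

A hit in the "possible dynamic" rows only shows that the port falls in the dynamic range; confirm it belongs to an H.323 call by matching the endpoints against a preceding TCP 1720 session.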