Monitoring H.245 Sessions - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Chapter 25
Configuring Application Layer Protocol Inspection
The following is sample output from the show h225 command:
hostname# show h225
Total H.323 Calls: 1
1 Concurrent Call(s) for
0 Concurrent Call(s) for
This output indicates that there is currently 1 active H.323 call going through the security appliance
between the local endpoint 10.130.56.3 and foreign host 172.30.254.203, and for these particular
endpoints, there is 1 concurrent call between them, with a CRV for that call of 9861.
For the local endpoint 10.130.56.4 and foreign host 172.30.254.205, there are 0 concurrent calls. This
means that there is no active call between the endpoints even though the H.225 session still exists. This
could happen if, at the time of the show h225 command, the call has already ended but the H.225 session
has not yet been deleted. Alternately, it could mean that the two endpoints still have a TCP connection
opened between them because they set "maintainConnection" to TRUE, so the session is kept open until
they set it to FALSE again, or until the session times out based on the H.225 timeout value in your
configuration.
Monitoring H.245 Sessions
The show h245 command displays information for H.245 sessions established across the security
appliance by endpoints using slow start. Slow start is when the two endpoints of a call open another TCP
control channel for H.245. Fast start is where the H.245 messages are exchanged as part of the H.225
messages on the H.225 control channel.) Along with the debug h323 h245 event, debug h323 h225
event, and show local-host commands, this command is used for troubleshooting H.323 inspection
engine issues.
The following is sample output from the show h245 command:
hostname# show h245
Total: 1
1
There is currently one H.245 control session active across the security appliance. The local endpoint is
10.130.56.3, and we are expecting the next packet from this endpoint to have a TPKT header because
the TPKT value is 0. The TKTP header is a 4-byte header preceding each H.225/H.245 message. It gives
the length of the message, including the 4-byte header. The foreign host endpoint is 172.30.254.203, and
we are expecting the next packet from this endpoint to have a TPKT header because the TPKT value is 0.
The media negotiated between these endpoints have an LCN of 258 with the foreign RTP IP address/port
pair of 172.30.254.203/49608 and an RTCP IP address/port of 172.30.254.203/49609 with a local RTP
IP address/port pair of 10.130.56.3/49608 and an RTCP port of 49609.
The second LCN of 259 has a foreign RTP IP address/port pair of 172.30.254.203/49606 and an RTCP
IP address/port pair of 172.30.254.203/49607 with a local RTP IP address/port pair of
10.130.56.3/49606 and RTCP port of 49607.
OL-12172-03
Local:
10.130.56.3/1040
1. CRV 9861
Local:
10.130.56.3/1040
Local:
10.130.56.4/1050
LOCAL
TPKT
10.130.56.3/1041
MEDIA: LCN 258 Foreign 172.30.254.203 RTP 49608 RTCP 49609
Local
MEDIA: LCN 259 Foreign 172.30.254.203 RTP 49606 RTCP 49607
Local
Foreign: 172.30.254.203/1720
Foreign: 172.30.254.203/1720
Foreign: 172.30.254.205/1720
FOREIGN
TPKT
0
172.30.254.203/1245
10.130.56.3 RTP 49608 RTCP 49609
10.130.56.3 RTP 49606 RTCP 49607
Cisco Security Appliance Command Line Configuration Guide
H.323 Inspection
0
25-43
Advertisement
Table of Contents
Troubleshooting
