Cisco ASA Series Configuration Manual page 328

Firewall cli, asa services module, and the adaptive security virtual appliance

H.323 Inspection
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
b. Set one or more parameters. You can set the following options; use the no form of the command to disable the option:
Step 6 While still in parameter configuration mode, you can configure HSI groups.
a. Define an HSI group and enter HSI group configuration mode.
hostname(config-pmap-p)# hsi-group id
Where id is the HSI group ID. Range is from 0 to 2147483647.
b. Add an HSI to the HSI group using the IP address. You can add a maximum of five hosts per HSI group.
hostname(config-h225-map-hsi-grp)# hsi ip_address
c. Add an endpoint to the HSI group.
hostname(config-h225-map-hsi-grp)# endpoint ip_address if_name
Where ip_address is the endpoint to add and if_name is the interface through which the endpoint is
connected to the ASA. You can add a maximum of ten endpoints per HSI group.
Example
The following example shows how to configure phone number filtering:
hostname(config)# regex caller1 "5551234567"
hostname(config)# regex caller2 "5552345678"
hostname(config)# regex caller3 "5553456789"
hostname(config)# class-map type inspect h323 match-all h323_traffic
hostname(config-cmap)# match called-party regex caller1
hostname(config-cmap)# match calling-party regex caller2
hostname(config)# policy-map type inspect h323 h323_map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# class h323_traffic
Cisco ASA Series Firewall CLI Configuration Guide
14-8
ras-rcf-pinholes enable—Enables call setup between H.323 endpoints. You can enable call setup between H.323 endpoints when the Gatekeeper is inside the network. Use this option to open pinholes for calls based on the RegistrationRequest/RegistrationConfirm (RRQ/RCF) messages. Because these RRQ/RCF messages are sent to and from the Gatekeeper, the calling endpoint's IP address is unknown and the ASA opens a pinhole through source IP address/port 0/0. By default, this option is disabled.
timeout users time—Sets the H.323 call duration limit (in hh:mm:ss format). To have no timeout, specify 00:00:00. Range is from 0:0:0 to 1193:0:0.
call-party-number—Enforces sending call party number during call setup.
h245-tunnel-block action {drop-connection | log}—Enforces H.245 tunnel blocking. Specify whether you want to drop the connection or simply log it.
rtp-conformance [enforce-payloadtype]—Checks RTP packets flowing on the pinholes for protocol conformance. The optional enforce-payloadtype keyword enforces the payload type to be audio or video based on the signaling exchange.
state-checking {h225 | ras}—Enables state checking validation. You can enter the command separately to enable state checking for H.225 and RAS.
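
An added example (not from the Cisco guide): a Python check that audits the text of an H.323 inspection policy map against the limits stated on this page (HSI group ID range, five HSIs and ten endpoints per group, the timeout users ceiling) and flags ras-rcf-pinholes enable. The function name audit_h323_map, the sample configuration, and the choice to report absent state-checking as a finding are assumptions of this example.

```python
import re

# Limits stated on this page.
MAX_GROUP_ID = 2147483647
MAX_HSI, MAX_ENDPOINTS = 5, 10
MAX_TIMEOUT_HOURS = 1193

def audit_h323_map(config_text):
    """Return findings for the body of one H.323 inspection policy map."""
    findings, options, groups, current = [], set(), {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[0] == "hsi-group" and len(words) == 2:
            current = words[1]
            groups[current] = {"hsi": 0, "endpoint": 0}
            if not current.isdigit() or int(current) > MAX_GROUP_ID:
                findings.append(f"hsi-group {current}: ID outside 0-{MAX_GROUP_ID}")
        elif words[0] in ("hsi", "endpoint") and current is not None:
            groups[current][words[0]] += 1  # member of the current HSI group
        elif words[:2] == ["timeout", "users"] and len(words) == 3:
            m = re.fullmatch(r"(\d+):(\d+):(\d+)", words[2])
            h, mi, s = map(int, m.groups()) if m else (None, 0, 0)
            if h is None or h * 3600 + mi * 60 + s > MAX_TIMEOUT_HOURS * 3600:
                findings.append(f"timeout users {words[2]}: outside 0:0:0-{MAX_TIMEOUT_HOURS}:0:0")
        else:
            options.add(" ".join(words))  # any other option, whitespace-normalized
    for gid, n in groups.items():
        if n["hsi"] > MAX_HSI:
            findings.append(f"hsi-group {gid}: {n['hsi']} HSIs, maximum is {MAX_HSI}")
        if n["endpoint"] > MAX_ENDPOINTS:
            findings.append(f"hsi-group {gid}: {n['endpoint']} endpoints, maximum is {MAX_ENDPOINTS}")
    if "ras-rcf-pinholes enable" in options:
        findings.append("ras-rcf-pinholes enable: pinholes open from source 0/0")
    for proto in ("h225", "ras"):  # assumption: absent state checking is reported
        if f"state-checking {proto}" not in options:
            findings.append(f"state-checking {proto}: not enabled")
    return findings

# Constructed sample (not from a real device): six HSIs in one group,
# an out-of-range timeout, RRQ/RCF pinholes on, RAS state checking absent.
SAMPLE = "\n".join(
    ["policy-map type inspect h323 h323_map", " parameters",
     "  ras-rcf-pinholes enable", "  state-checking h225",
     "  timeout users 1200:00:00", "  hsi-group 1"]
    + [f"   hsi 192.0.2.{i}" for i in range(1, 7)]
    + ["   endpoint 198.51.100.10 inside"])
print("\n".join(audit_h323_map(SAMPLE)))
```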
Chapter 14
Inspection for Voice and Video Protocols
