Cisco ASA Series Cli Configuration Manual page 1151

Software version 9.0 for the services module

Hide thumbs Also See for ASA Series:

Configuration manual (429 pages)

Getting started (31 pages)

Mount and connect (12 pages)

Table of Contents

Configuring Inspection for Voice and Video Protocols

The following example shows how to configure phone number filtering:

hostname(config)# regex caller 1 "5551234567"

hostname(config)# regex caller 2 "5552345678"

hostname(config)# regex caller 3 "5553456789"

hostname(config)# class-map type inspect h323 match-all h323_traffic

hostname(config-pmap-c)# match called-party regex caller1

hostname(config-pmap-c)# match calling-party regex caller2

hostname(config)# policy-map type inspect h323 h323_map

hostname(config-pmap)# parameters

hostname(config-pmap-p)# class h323_traffic

hostname(config-pmap-c)# drop

Configuring H.323 and H.225 Timeout Values

To configure the idle time after which an H.225 signalling connection is closed, use the timeout h225

command. The default for H.225 timeout is one hour.

To configure the idle time after which an H.323 control connection is closed, use the timeout h323

command. The default is five minutes.

Verifying and Monitoring H.323 Inspection

This section describes how to display information about H.323 sessions. This section includes the

following topics:

hostname(config-h225-map-hsi-grp)# hsi ip_address

Where ip_address is the host to add. A maximum of five hosts per hsi group are allowed.

To add an endpoint to the hsi group, enter the following command in hsi group configuration

hostname(config-h225-map-hsi-grp)# endpoint ip_address if_name

Where ip_address is the endpoint to add and if_name is the interface through which the endpoint

is connected to the security appliance. A maximum of ten endpoints per hsi group are allowed.

To check RTP packets flowing on the pinholes for protocol conformance, enter the following

hostname(config-pmap-p)# rtp-conformance [enforce-payloadtype]

Where the enforce-payloadtype keyword enforces the payload type to be audio or video based on

the signaling exchange.

To enable state checking validation, enter the following command:

hostname(config-pmap-p)# state-checking {h225 | ras}

Monitoring H.225 Sessions, page 1-10

Monitoring H.245 Sessions, page 1-10

Monitoring H.323 RAS Sessions, page 1-11

Cisco ASA Series CLI Configuration Guide

H.323 Inspection

Show Quick Links

Chapters

Table of Contents

Troubleshooting

Cisco ASA Series Cli Configuration Manual page 1151

Hide quick links:

Chapters

Troubleshooting

Related Manuals for Cisco ASA Series

Related Products for Cisco ASA Series

This manual is also suitable for:

Table of Contents