Configuring H.323 And H.225 Timeout Values; Verifying And Monitoring H.323 Inspection - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 22
Applying Application Layer Protocol Inspection
Example 22-8 Configuring H.323 Inspection without an H.225 Map
You enable the H.323 inspection engine as shown in the following example, which creates a class map
to match H.323 traffic on the default port (1720). The service policy is then applied to the outside
interface.
hostname(config)# access-list h323_acl permit udp any any eq 1718
hostname(config)# access-list h323_acl permit udp any any eq 1719
hostname(config)# access-list h323_acl permit tcp any any eq 1720
hostname(config)# class-map h323-traffic
hostname(config-cmap)# match access-list h323_acl
hostname(config-cmap)# policy-map sample_policy
hostname(config-pmap)# class h323_port
hostname(config-pmap-c)# inspect h323 ras
hostname(config-pmap-c)# inspect h323 h225
hostname(config-pmap-c)# service-policy sample_policy interface outside
hostname(config)#
Example 22-9
Example 22-9 Configuring H.323 Inspection with an H.225 Map
hostname(config)# access-list h323_acl permit udp any any eq 1718
hostname(config)# access-list h323_acl permit udp any any eq 1719
hostname(config)# access-list h323_acl permit tcp any any eq 1720
hostname(config)# class-map h323-traffic
hostname(config-cmap)# match access-list h323_acl
hostname(config-cmap)# h225-map sample_map
hostname(config-h225-map)# hsi-group 1
hostname(config-h225-map-hsi-grp)# hsi 10.10.15.11
hostname(config-h225-map-hsi-grp)# endpoint 10.3.6.1 inside
hostname(config-h225-map-hsi-grp)# endpoint 10.10.25.5 outside
hostname(config-h225-map-hsi-grp)# policy-map sample_policy
hostname(config-pmap)# class h323_port
hostname(config-pmap-c)# inspect h323 ras
hostname(config-pmap-c)# inspect h323 h225 sample_map
hostname(config-pmap-c)# service-policy sample_policy interface outside
hostname(config)#
Configuring H.323 and H.225 Timeout Values
To configure the idle time after which an H.225 signalling connection is closed, use the timeout h225
command. The default for H.225 timeout is one hour.
To configure the idle time after which an H.323 control connection is closed, use the timeout h323
command. The default is five minutes.
Verifying and Monitoring H.323 Inspection
This section describes how to display information about H.323 sessions. This section includes the
following topics:
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
includes an H.225 map with two HSI groups, as part of the overall H.323 configuration.
Monitoring H.225 Sessions, page 22-54
Monitoring H.245 Sessions, page 22-54
Monitoring H.323 RAS Sessions, page 22-55
H.323 Inspection
22-53
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
