38-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 38 Configuring Inspection for Voice and Video Protocols
H.323 Inspection
• Static PAT may not properly translate IP addresses embedded in optional fields within H.323
messages. If you experience this kind of problem, do not use static PAT with H.323.
• H.323 application inspection is not supported with NAT between same-security-level interfaces.
• When a NetMeeting client registers with an H.323 gatekeeper and tries to call an H.323 gateway that
is also registered with the H.323 gatekeeper, the connection is established but no voice is heard in
either direction. This problem is unrelated to the adaptive security appliance.
• If you configure a network static address where the network static address is the same as a
third-party netmask and address, then any outbound H.323 connection fails.
Select H.323 Map
The Select H.323 Map dialog box lets you select or create a new H.323 map. An H.323 map lets you
change the configuration values used for H.323 application inspection. The Select H.323 Map table
provides a list of previously configured maps that you can select for application inspection.
Fields
• Use the default H.323 inspection map—Specifies to use the default H.323 map.
• Select an H.323 map for fine control over inspection—Lets you select a defined application
inspection map or add a new one.
• Add—Opens the Add Policy Map dialog box for the inspection.
Modes
The following table shows the modes in which this feature is available:
H.323 Class Map
The H.323 Class Map pane lets you configure H.323 class maps for H.323 inspection.
An inspection class map matches application traffic with criteria specific to the application. You then
identify the class map in the inspect map and enable actions. The difference between creating a class
map and defining the traffic match directly in the inspect map is that you can create more complex match
criteria and you can reuse class maps. The applications that support inspection class maps are DNS, FTP,
H.323, HTTP, IM, and SIP.
Fields
• Name—Shows the H.323 class map name.
• Match Conditions—Shows the type, match criterion, and value in the class map.
–
Match Type—Shows the match type, which can be a positive or negative match.
–
Criterion—Shows the criterion of the H.323 class map.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
Need help?
General
