Configuring H.323 And H.225 Timeout Values - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 25
Configuring Application Layer Protocol Inspection
f.
g.
The following example shows how to configure phone number filtering:
hostname(config)# regex caller 1 "5551234567"
hostname(config)# regex caller 2 "5552345678"
hostname(config)# regex caller 3 "5553456789"
hostname(config)# class-map type inspect h323 match-all h323_traffic
hostname(config-pmap-c)# match called-party regex caller1
hostname(config-pmap-c)# match calling-party regex caller2
hostname(config)# policy-map type inspect h323 h323_map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# class h323_traffic
hostname(config-pmap-c)# drop
Configuring H.323 and H.225 Timeout Values
To configure the idle time after which an H.225 signalling connection is closed, use the timeout h225
command. The default for H.225 timeout is one hour.
To configure the idle time after which an H.323 control connection is closed, use the timeout h323
command. The default is five minutes.
Verifying and Monitoring H.323 Inspection
This section describes how to display information about H.323 sessions. This section includes the
following topics:
•
•
•
Monitoring H.225 Sessions
The show h225 command displays information for H.225 sessions established across the security
appliance. Along with the debug h323 h225 event, debug h323 h245 event, and show local-host
commands, this command is used for troubleshooting H.323 inspection engine issues.
OL-10088-01
To check RTP packets flowing on the pinholes for protocol conformance, enter the following
command:
hostname(config-pmap-p)# rtp-conformance [enforce-payloadtype]
Where the enforce-payloadtype keyword enforces the payload type to be audio or video based on
the signaling exchange.
To enable state checking validation, enter the following command:
hostname(config-pmap-p)# state-checking {h225 | ras}
Monitoring H.225 Sessions, page 25-41
Monitoring H.245 Sessions, page 25-42
Monitoring H.323 RAS Sessions, page 25-43
Cisco Security Appliance Command Line Configuration Guide
H.323 Inspection
25-41
Advertisement
Table of Contents
Troubleshooting
