Cisco ASA 5506-X Configuration Manual page 195
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Chapter 8
Inspection for Voice and Video Protocols
The following is sample output from the show xlate debug command for these CTIBQE connections:
hostname# show xlate debug
3 in use, 3 most used
Flags:
TCP PAT from inside:10.0.0.99/1117 to outside:172.29.1.99/1025 flags ri idle 0:00:22
timeout 0:00:30
UDP PAT from inside:10.0.0.99/16908 to outside:172.29.1.99/1028 flags ri idle 0:00:00
timeout 0:04:10
UDP PAT from inside:10.0.0.99/16909 to outside:172.29.1.99/1029 flags ri idle 0:00:23
timeout 0:04:10
The show conn state ctiqbe command displays the status of CTIQBE connections. In the output, the
media connections allocated by the CTIQBE inspection engine are denoted by a 'C' flag. The following
is sample output from the show conn state ctiqbe command:
hostname# show conn state ctiqbe
1 in use, 10 most used
hostname# show conn state ctiqbe detail
1 in use, 10 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
H.323 Inspection
The following sections describe the H.323 application inspection.
•
•
•
•
•
•
•
H.323 Inspection Overview
H.323 inspection provides support for H.323 compliant applications such as Cisco CallManager and
VocalTec Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication
Union for multimedia conferences over LANs. The ASA supports H.323 through Version 6, including
H.323 v3 feature Multiple Calls on One Call Signaling Channel.
With H.323 inspection enabled, the ASA supports multiple calls on the same call signaling channel, a
feature introduced with H.323 Version 3. This feature reduces call setup time and reduces the use of ports
on the ASA.
D - DNS, d - dump, I - identity, i - inside, n - no random,
r - portmap, s - static
B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, k - Skinny media,
M - SMTP data, m - SIP media, O - outbound data, P - inside back connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
H.323 Inspection Overview, page 8-3
How H.323 Works, page 8-4
H.239 Support in H.245 Messages, page 8-5
Limitations for H.323 Inspection, page 8-5
Configure H.323 Inspection, page 8-6
Configuring H.323 and H.225 Timeout Values, page 8-10
Verifying and Monitoring H.323 Inspection, page 8-10
Cisco ASA Series Firewall CLI Configuration Guide
H.323 Inspection
8-3
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
