Enabling And Configuring H.323 Inspection - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 22
Applying Application Layer Protocol Inspection
Table 22-5
Command
hsi-group
hsi
endpoint
Enabling and Configuring H.323 Inspection
H.323 inspection is enabled by default.
To enable H.323 inspection, including the optional use of an H.225 map, perform the following steps:
To define an access list with ACEs that identify the ports required for H.323 traffic, enter the following
Step 1
command for each ACE:
hostname(config)# access-list acl-name permit {udp | tcp} any any eq port
where acl-name is the name you assign to the access list and port is the H.323 port that the ACE
identifies.
The standard ports are UDP ports 1718 and 1719 and TCP port 1720.
Step 2
Create a class map or modify an existing class map to identify H.323 traffic. Use the class-map
command to do so, as follows.
hostname(config)# class-map class_map_name
hostname(config-cmap)#
where class_map_name is the name of the traffic class. When you enter the class-map command, the
CLI enters class map configuration mode.
Use a match access-list command to identify H.323 traffic with the access list you created in
Step 3
hostname(config-cmap)# match access-list acl-name
(Optional) If required by your network topology, configure an H.225 map. For more information about
Step 4
whether your network requires an H.225 map, see the
section on page
a.
b.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
H.225 Configuration Commands
Configuration mode
H.225 map
configuration mode
HSI group
configuration mode
HSI group
configuration mode
22-50. To create and configure an H.225 map, perform the following steps.
Create an H.225 map.
hostname(config)# h225-map map_name
hostname(config-h225-map)#
The system enters H.225 map configuration mode and the CLI prompt changes accordingly.
Identify an HSI group. To do so, use the hsi-group command, as follows.
hostname(config-h225-map)# hsi-group group_ID
hostname(config-h225-map-hsi-grp)#
where group_ID is a number, from 0 to 2147483647, that identifies the HSI group.
Description
Defines an HSI group and enables HSI group configuration
mode. Each HSI group can contain a maximum of ten
endpoints.
Identifies the HSI.
Identifies one or more endpoints within the HSI group.
"Topologies Requiring H.225 Configuration"
H.323 Inspection
Step
1.
22-51
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
