I have a pix 501 and 4 video conference units. I have static nat setup for them and allow inbound any network with range 1024-65535. Are there any tips or configs to make sure those h323 packets/frames traverse the firewall as quickly as possible? Should I leave or disable these statements:
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
since I have those ports open with the acl? Should I alter these statements:
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
I was wondering if there was anyway to turn off packet inspection for h323 connections other than the checking the acl. If you need anymore info let me know, thanks in advance.