cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2947
Views
5
Helpful
6
Replies

ASA H.323 disconnecting after 2 hours

acomiskey
Level 10
Level 10

ASA 8.0.2

h323 sessions are disconnecting after 2 hours. I have tried to fix this with the following...

timeout h323 0:00:00 h225 0:00:00

and

access-list h323_timeout extended permit tcp any any eq h323

class-map h323-timeout

description h323

match access-list h323_timeout

policy-map global_policy

class h323-timeout

set connection timeout tcp 0:00:00

Neither have worked. Any suggestions?

1 Accepted Solution
6 Replies 6

Farrukh Haroon
VIP Alumni
VIP Alumni

Are you inspecting H.323 in the global policy?

You can check by issuing the following command:

show run all policy-map

Also have a look at the following:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i2.html#wp1704171

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1229306

Regards

Farrukh

No, I had to disable h323 inspection to get a polycom to work. Does this effect the ability to set a timeout?

As you know H.323 is opening dynamic connections (which comprise of both UDP and TCP). I don't know much about the Polycom implementation tough. By disabling inspection, I don't know if the firewall will be able to correlate the various control/data flows that comprise a single call (TCP / UDP) and apply the appropriate timeout.

Regards

Farrukh

Thanks for checking into that for me. I'll give the timeout xlate command a try.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: