What is the value of the 'inspect h.323' settings?

Mar 20th, 2009

We have a group using a Polycom Bridge that has always had problems with remote users using hardware devices to connect to the Bridge from off-campus. All devices on-campus and all software clients are fine.

We did some testing yesterday, and when we remove the 'inspect h.323 h225' and 'inspect h.323 ras' settings the problem disappears.

It seems that this is a global setting that is either on or off. I am hesitant to permanently disable this inspection without knowing what effect this might have on other h.323 traffic. After reading the Cisco docs, it appears that this inspect setting actually helps h.323 traffic - so what negative effects, if any, will we see if we disable these two inspect settings?

Anyone have some advice for us?

jan.nielsen Fri, 03/20/2009 - 06:54

Well, if you haven't opened in your ASA ACLs all the UDP ports used for RTP streams, negotiated by h.323, then they will be blocked. Inspect h.323 allows the ASA to look into the call control to see who is calling who, and what UDP ports to expect to receive a call on, and then dynamically open them in the filter.
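
The trade-off described in the reply above, written out as ASA configuration. This is an added example, not configuration posted by anyone in the thread; the bridge address 192.0.2.10, the ACL name `outside_in`, the interface name `outside` and the dynamic port ranges are assumptions, and the CLI keyword is `h323` (no dot).

```cisco
! Constructed example. 192.0.2.10 (bridge), outside_in, outside and the
! port ranges are placeholders, not values from this thread.

! --- Option A: H.323 inspection on (ASA default global policy) ---
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect h323 h225
  inspect h323 ras
service-policy global_policy global

! Only call signalling needs a static permit. The ASA reads the
! signalling and opens the negotiated H.245 and media ports per call,
! then closes them when the call ends.
access-list outside_in extended permit tcp any host 192.0.2.10 eq h323
access-group outside_in in interface outside

! --- Option B: H.323 inspection off ---
policy-map global_policy
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras

! Nothing is opened dynamically any more, so every port a call can
! negotiate has to be permitted permanently.
! H.225 call signalling (TCP 1720)
access-list outside_in extended permit tcp any host 192.0.2.10 eq h323
! H.245 control channel, dynamic TCP port (assumed range)
access-list outside_in extended permit tcp any host 192.0.2.10 range 1024 65535
! RTP/RTCP media streams, dynamic UDP ports (assumed range)
access-list outside_in extended permit udp any host 192.0.2.10 range 1024 65535
```

If option B is chosen, the two wide ranges should be narrowed to the ports the endpoints are actually configured to use and limited to the bridge address, since they stay open whether or not a call is in progress.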

lynne.meeks Fri, 03/20/2009 - 07:56

Thanks, Jan. That makes sense.

So I am reluctant to disable this inspection cuz I don't want to open that many ports...

The Polycom folks indicated that this is an issue with h.329. Is there any way to resolve the issue without turning off inspection altogether?

thanks- Lynne

