We have had mixed success with the use of H239 while H323 inspection is enabled on an ASA running 8.0(4) code. The endpoints are a Polycom PVX behind the ASA (HostB) and another PVX endpoint which is not behind any firewall (HostA). Both endpoints are bridged through a Codian MCU which is also not behind a firewall. The MCU and HostA are on a lower security interface (outside) the HostB (inside). With H323 inspection enabled and the PVX software configured aware of it's NAT'd address, H239 content cannot be seen when initiated from HostA. The content channel opens, but no content is actually received. If HostB first opens a content channel to HostA and shares a desktop image then closes it off, HostA can then initiate an H239 connection and share content successfully.
With H323 inspection turned off, content works from both sides at all times. The access list in place between the two endpoints is permit ip HostA HostB placed inbound on the outside interface and permit ip any any placed inbound on the inside interface.
Has anyone had a similar issue with H323 inspection and H239 content? Thanks in advance.