ASA and H.323

supro · ‎02-18-2010

Hello, colleagues,

I have some problems with configuring H.323 on ASA 5505 Version 7.2(1)

At the inside network there is a H.323 gateway with address 192.168.1.8

Static NAT is made that outside address X.X.X.X is forwarded to the inside address:

static (inside,outside) X.X.X.X 192.168.1.8 netmask 255.255.255.255

ACL allow to pass traffic from particular H.323 gateways at the outside network.

There are inspect commands:

policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras

I run :

debug h323 h225 asn
debug h323 h225 event
debug h323 h245 asn
debug h323 h245 event

I see that ASA accept H.225 SETUP message, forward it to the inside address, received CALL PROCESSING from inside gateway, but don't forward it to the outside originating gateway.

After a period of time the outside originating gateway sends releaseComplete.

How to fix this issue? Is it possible that H.323 gateway at an inside network behind ASA works correctly with outside gateways?

I attached the debug output from the ASA.

Thanks

Panos Kampanakis · ‎02-18-2010

7.2.1 had some h323 inspection issues.

I would suggest to upgrade and try again.

I hope it helps.

PK

Kureli Sankar · ‎02-18-2010

Probably CSCsm17247 resolved in 7.2.4

http://tools.cisco.com/Support/BugToolKit/

you can go to the above link login with your CCO ID and then key in this defect ID CSCsm17247

-KS

supro · ‎02-18-2010

Thank you, guys!

I will try to upgrade and post the results here.

supro · ‎02-19-2010

I have upgraded to Version 8.2(2), but it did not help

The behaviour is the same.

Going to change ASA to transparent mode operations to avoid NATing of H.323

Thanks for the answers.

Should anybody have experience or ideas about this issue, post here, please.

supro · ‎02-24-2010

Colleagues, the problem was with H.323 gateway, not with ASA.

Now it is solved.

Kureli Sankar · ‎02-24-2010

Thanks for letting us know. If it broke even after the upgrade - we were at a loss.

-KS