Cisco Support Community
Community Member

ASA H323 inspection

Hi All

I am hoping someone is able to help me with the following, I have checked the Cisco site to no avail.

We have a requirement to disable H323 inspection on a set of access lists on the Cisco ASA firewall for a video conferencing solution; however, the firewall still needs to have it enabled as part of the default inspection policy.

Any help much appreciated.

Thanks MJ

Hall of Fame Super Silver

ASA H323 inspection

Create a class-map with an access list match criterion that excludes the network addresses you don't want inspected, and then tell a policy map to apply H.323 inspection to the traffic that matches that class-map.

Apply to the appropriate interface with a service policy.

Community Member

ASA H323 inspection

Hi Marvin

Thank you for the information. Given the dynamic nature of H323, does anyone know how the access list would look?

Thanks MJ

ASA H323 inspection

You could do something like the following:

access-list filter-list extended deny tcp any eq h323

access-list filter-list extended deny udp any range 1718 1719

access-list filter-list extended permit tcp any any eq h323

access-list filter-list extended permit udp any any range 1718 1719

Then apply it to the global policy map.


Please remember to rate and select a correct answer
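
The approach described in the replies above, written out end to end as an added example that is not part of the original thread. The names H323-INSPECT-ACL and H323-INSPECT-CLASS and the endpoint address 192.0.2.10 are placeholders, and the configuration assumes the default global_policy and inspection_default names are still in place:

```cisco
! Added example. 192.0.2.10 is a constructed placeholder for the
! video conferencing endpoint that must bypass H.323 inspection.

! "deny" in a class-map ACL means "do not match this class", so these
! flows are left uninspected; they are not dropped by this ACL.
access-list H323-INSPECT-ACL extended deny tcp host 192.0.2.10 any eq h323
access-list H323-INSPECT-ACL extended deny tcp any host 192.0.2.10 eq h323
access-list H323-INSPECT-ACL extended deny udp host 192.0.2.10 any range 1718 1719
access-list H323-INSPECT-ACL extended deny udp any host 192.0.2.10 range 1718 1719

! All other H.225 (TCP/1720) and RAS (UDP/1718-1719) traffic still matches.
access-list H323-INSPECT-ACL extended permit tcp any any eq h323
access-list H323-INSPECT-ACL extended permit udp any any range 1718 1719

class-map H323-INSPECT-CLASS
 match access-list H323-INSPECT-ACL

policy-map global_policy
 ! Remove H.323 from the catch-all default class...
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
 ! ...and re-apply it only to traffic matched by the ACL above.
 class H323-INSPECT-CLASS
  inspect h323 h225
  inspect h323 ras

! Present by default; shown for completeness.
service-policy global_policy global
```

For the excluded endpoint the ASA no longer opens the dynamically negotiated H.245 and RTP/RTCP ports or rewrites addresses embedded in the signalling, so the interface access lists and NAT rules have to permit that traffic explicitly. `show service-policy inspect h323` shows the classes and packet counters for the inspection after the change.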