Hi, I am trying to bypass one device from H323 inspection. I created an ACL to deny IP any to the devices IP internally and externally, then permit ip any any. Then I created a class-map that matches the ACL, applied the Class-map to the service policy, removed the inspections from the default, and here is the problem I ran into, the class needs both H323 RAS and H323 H225, but when applying the second inspect I get an error,
Multiple inspect commands can't be configured for a class without 'match default-inspection-traffic|none' in it.
So I applied match default-inspection-traffic to the class map, and I was able to add both inspects to the class, then removed inspect H323 from the default. Well, the video that wasn't working started working, but we broke all outbound voice. I removed what I did, and restored the original configuration, but it was still broke, so I had to reload the ASA. Now voice is back to normal, but Video is broke again.
How do I exclude this one IP from being inspected for all H323 without breaking the voice? I am doing two other classes like this under the global policy for FTP inspection and to bypass the CSC for certain IP's, but they all have a single Inspect.
What you ran into is expected(Multiple inspect commands can't be configured for a class ). Now coming to fix your video issue. I believe you may be running into some known h323 inspection issues where by the packets may not be fixed up properly.
In these case we have to collect captures (ingress and egress) and see what is going on or you may want to try to see if there is an option to for address translation on the video unit itself so, you can put in the translated address.
Give that a shot and let us know. If it still doesn't work then, we you would probably be better off opening a TAC case.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...