Cisco Support Community
Community Member

What is the value of the 'inspect h.323' settings?

We have a group using a Polycom Bridge that has always had problems with remote users using hardware devices to connect to the Bridge from off-campus. All devices on-campus and all software clients are fine.

We did some testing yesterday, and when we remove the 'inspect h.323 h225' and 'inspect h.323 ras' settings the problem disappears.

It seems that this is a global setting that is either on or off. I am hesitant to permanently disable this inspection without knowing what effect this might have on other h.323 traffic. After reading the Cisco docs, it appears that this inspect setting actually helps h.323 traffic, so what negative effects, if any, will we see if we disable these two inspect settings?

Anyone have some advice for us?




Re: What is the value of the 'inspect h.323' settings?

Well, if you haven't opened in your ASA ACLs all the UDP ports used for RTP streams, negotiated by H.323, then they will be blocked. Inspect h.323 allows the ASA to look into the call control to see who is calling who, and what UDP ports to expect to receive a call on, and then dynamically open that in the filter.
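
Added example, not part of the original thread and not ASA code: a simplified Python model of the behaviour described in the reply above, where call-control inspection opens per-call UDP pinholes, set beside a standing ACL that permits a whole port range. The event format, the addresses, the 16384-32767 range and the peer-specific matching are assumptions made for illustration.

```python
"""Simplified model of inspection-driven pinholes (illustration only, not ASA code)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Pinhole:
    peer_ip: str   # remote endpoint allowed to send
    dst_ip: str    # endpoint that announced the media address
    dst_port: int  # negotiated UDP port

@dataclass
class InspectingFirewall:
    pinholes: dict = field(default_factory=dict)  # call_id -> set of Pinhole

    def on_signaling(self, msg: dict) -> None:
        """Handle one already-decoded call-control event (constructed format)."""
        if msg["type"] == "media_open":
            # 'dst' told 'peer' where it will receive media.
            # RTP uses the negotiated port, RTCP the next higher one.
            holes = self.pinholes.setdefault(msg["call_id"], set())
            for port in (msg["port"], msg["port"] + 1):
                holes.add(Pinhole(msg["peer"], msg["dst"], port))
        elif msg["type"] == "release":
            # Call ended: its pinholes are closed again.
            self.pinholes.pop(msg["call_id"], None)

    def permits(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        wanted = Pinhole(src_ip, dst_ip, dst_port)
        return any(wanted in holes for holes in self.pinholes.values())

    def open_port_count(self) -> int:
        return sum(len(holes) for holes in self.pinholes.values())

def static_acl_permits(dst_ip: str, dst_port: int,
                       bridge: str = "10.0.0.5", lo: int = 16384, hi: int = 32767) -> bool:
    """Inspection off: a standing 'permit udp any -> bridge, ports lo..hi' rule."""
    return dst_ip == bridge and lo <= dst_port <= hi

# Constructed sample events for one call between a remote unit and the bridge.
CALL = [
    {"type": "media_open", "call_id": 1, "peer": "198.51.100.7",
     "dst": "10.0.0.5", "port": 20000},
    {"type": "release", "call_id": 1},
]

if __name__ == "__main__":
    fw = InspectingFirewall()
    fw.on_signaling(CALL[0])
    print("pinholes open during call:", fw.open_port_count())
    print("unrelated host via pinhole:", fw.permits("203.0.113.9", "10.0.0.5", 20000))
    print("unrelated host via static ACL:", static_acl_permits("10.0.0.5", 20000))
```

With inspection, two ports are reachable by one peer for the life of the call; with the standing rule, the whole range is reachable by any source at all times.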

Community Member

Re: What is the value of the 'inspect h.323' settings?

Thanks, Jan. That makes sense.

So I am reluctant to disable this inspection because I don't want to open that many ports...

The Polycom folks indicated that this is an issue with h.329. Is there any way to resolve the issue without turning off inspection altogether?

thanks- Lynne
