h323 inspect in a single class with match criteria

hansrodlo · ‎07-11-2013

Hi, I trying to apply this to make sure only inspect h323 traffic in a single host (that's a Video Conference host), but don't works. Only works when I applied the inspect in the inspection_default class.

Here is the config:

access-list 100 extended permit ip host x.x.x.x any

access-list 100 extended permit ip any host x.x.x.x

class-map h223_VC

match access-list 100

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect ip-options

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect pptp

inspect icmp

inspect netbios

inspect icmp error

class h223_VC

inspect h323 h225

It´s possible? or is something wrong?

Thanks a lot for your help

Luis Silva Benavides · ‎07-12-2013

Hi,

When you have it in the global policy you only H323 H225 or you also have H323 ras?

What do you see if you run this commands?

packet-tracer input tcp 1025 1720

sho service-policy flow tcp host host eq 1720

How do you test it?

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva

hansrodlo · ‎07-12-2013

Hi Luis thanks for response,

No, only have h323 h225.

When Its applied in the inspection_default class, the video works in both directions, but when I remove it, and apply in a single class (with desire criteria), the video only works in one way. It's same result, when I remove the inspection from the inspection_default class.

Un saludo.