If you ever think you are missing something, put a sniffer on and look at what's going on. Also, you can place "deny ip any any log" at the end of your ACL and look at your syslog or "show log" to see what you are blocking. If you find you are blocking something you want, change your ACL to allow it. If you're happy with your ACL, you can then remove the line.
And no, I don't think you can change the names to just ports in an ACL.
I've checked the IANA link already; it's a long-time favorite. And that's why I'm asking here, since the h323 literal could cover so many ports. I'm documenting a firewall config for a client, and I'm just trying to track down what specific port the h323 literal actually allows.
The port used for call setup (H.225.0 / Q.931) is TCP 1720. The called party's return port is dynamic (i.e. >1026). The calling party then connects to this port and a series of messages are exchanged where the two parties agree on which end will be the master and what their mutual capabilities are. Also, they open the logical channels that are used for media transmission. These ports (UDP) are dynamically allocated. Data services (chat, whiteboard, etc.) are also set up during this phase. Again, port allocation is dynamic, but convention suggests that 1503 (TCP) is used.
There are other ports involved when a gatekeeper is used - 1718 and 1719 UDP.
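To make the sequence above concrete, here is a small Python model of one H.323 call that lists every flow a firewall between the two endpoints would see and then checks them against a rule that permits only the call-setup port. This is an added example, not code from anyone in this thread; the IP addresses, the gatekeeper address and the dynamic port choices are constructed, and treating the ACL literal as "TCP 1720 only" is an assumption made for the example (1720 is the call-setup port the answer names).

```python
"""Toy model of the H.323 port exchange described above (constructed example).

Only the ports the thread mentions are fixed here: TCP 1720 (H.225.0/Q.931 call
setup), UDP 1718/1719 (gatekeeper discovery/RAS) and TCP 1503 (T.120 by
convention). Every other port is picked dynamically, which is the whole point.
"""
import random
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

H225_CALL_SETUP_PORT = 1720   # H.225.0 / Q.931 call signalling, TCP
RAS_DISCOVERY_PORT = 1718     # gatekeeper discovery, UDP
RAS_PORT = 1719               # gatekeeper RAS signalling, UDP
T120_PORT = 1503              # conventional TCP port for T.120 data (chat, whiteboard)
DYNAMIC_FLOOR = 1027          # "above 1026", as the answer puts it


@dataclass(frozen=True)
class Flow:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    purpose: str


class Endpoint:
    """An H.323 terminal handing out dynamic ports from a seeded RNG (constructed)."""

    def __init__(self, ip: str, rng: random.Random):
        self.ip = ip
        self._rng = rng

    def ephemeral(self) -> int:
        return self._rng.randint(DYNAMIC_FLOOR, 65535)

    def media_pair(self) -> int:
        # RTP on an even port, RTCP on the odd port just above it (RFC 3550 convention)
        return self._rng.randrange(DYNAMIC_FLOOR + 1, 65534, 2)


def h323_call(caller: Endpoint, callee: Endpoint,
              gatekeeper_ip: Optional[str] = None) -> List[Flow]:
    """Return the flows a firewall between caller and callee sees for one call."""
    flows: List[Flow] = []
    if gatekeeper_ip:
        # With a gatekeeper the caller first asks it for admission over RAS (UDP 1719).
        flows.append(Flow("udp", caller.ip, caller.ephemeral(), gatekeeper_ip, RAS_PORT,
                          "RAS admission request to the gatekeeper"))
    # Step 1: call setup to the one well-known port.
    flows.append(Flow("tcp", caller.ip, caller.ephemeral(), callee.ip, H225_CALL_SETUP_PORT,
                      "H.225.0/Q.931 call setup"))
    # Step 2: the callee hands back a dynamic port; the caller connects to it and the
    # two sides settle master/slave and exchange capabilities there (H.245).
    h245_port = callee.ephemeral()
    flows.append(Flow("tcp", caller.ip, caller.ephemeral(), callee.ip, h245_port,
                      "H.245 control: master/slave determination, capability exchange"))
    # Step 3: logical channels are opened; each receiver announces a UDP port pair.
    for src, dst, label in ((caller, callee, "caller->callee"), (callee, caller, "callee->caller")):
        rtp = dst.media_pair()
        flows.append(Flow("udp", src.ip, src.ephemeral(), dst.ip, rtp, f"RTP media {label}"))
        flows.append(Flow("udp", src.ip, src.ephemeral(), dst.ip, rtp + 1, f"RTCP {label}"))
    # Step 4: data services (chat, whiteboard) on the conventional T.120 port.
    flows.append(Flow("tcp", caller.ip, caller.ephemeral(), callee.ip, T120_PORT,
                      "T.120 data (chat, whiteboard), conventional port"))
    return flows


def required_pinholes(flows: List[Flow]) -> List[Tuple[str, int]]:
    """Destination (proto, port) pairs a firewall would have to permit for the call."""
    return sorted({(f.proto, f.dport) for f in flows})


def blocked_by_static_acl(flows: List[Flow], permitted: Set[Tuple[str, int]]) -> List[Flow]:
    """Flows that a fixed ACL permitting only `permitted` would drop."""
    return [f for f in flows if (f.proto, f.dport) not in permitted]


# Assumption for this example: the ACL literal amounts to the call-setup port alone.
H323_LITERAL_ONLY = {("tcp", H225_CALL_SETUP_PORT)}


if __name__ == "__main__":
    rng = random.Random(7)   # fixed seed so the run is reproducible
    caller, callee = Endpoint("10.0.0.10", rng), Endpoint("192.168.1.20", rng)
    call = h323_call(caller, callee, gatekeeper_ip="192.168.1.5")
    for f in call:
        print(f"{f.proto:3} {f.src}:{f.sport:<5} -> {f.dst}:{f.dport:<5}  {f.purpose}")
    blocked = blocked_by_static_acl(call, H323_LITERAL_ONLY)
    print(f"\n{len(blocked)} of {len(call)} flows never match a rule that only permits TCP 1720")
```

Run it and the output shows the one static match (TCP 1720) next to the H.245, RTP/RTCP and T.120 flows that a port-only rule cannot anticipate; that is why the "deny ip any any log" trick from the first reply, or a firewall that inspects H.323 and opens the negotiated ports itself, is needed rather than a longer port list.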