EasyManuals Logo
Home>Cisco>Firewall>ASA 5506-X

Cisco ASA 5506-X Configuration Guide

Cisco ASA 5506-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #329 background imageLoading...
Page #329 background image
14-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 14 Inspection for Voice and Video Protocols
H.323 Inspection
hostname(config-pmap-c)# drop
Configure the H.323 Inspection Service Policy
The default ASA configuration includes H.323 H.255 and RAS inspection on the default ports applied
globally on all interfaces. A common method for customizing the inspection configuration is to
customize the default global policy. You can alternatively create a new service policy as desired, for
example, an interface-specific policy.
Procedure
Step 1 If necessary, create an L3/L4 class map to identify the traffic for which you want to apply the inspection.
class-map name
match parameter
Example:
hostname(config)# class-map h323_class_map
hostname(config-cmap)# match access-list h323
In the default global policy, the inspection_default class map is a special class map that includes default
ports for all inspection types (match default-inspection-traffic). If you are using this class map in
either the default policy or for a new service policy, you can skip this step.
For information on matching statements, see Identify Traffic (Layer 3/4 Class Maps), page 11-13.
Step 2 Add or edit a policy map that sets the actions to take with the class map traffic.
policy-map name
Example:
hostname(config)# policy-map global_policy
In the default configuration, the global_policy policy map is assigned globally to all interfaces. If you
want to edit the global_policy, enter global_policy as the policy name.
Step 3 Identify the L3/L4 class map you are using for H.323 inspection.
class name
Example:
hostname(config-pmap)# class inspection_default
To edit the default policy, or to use the special inspection_default class map in a new policy, specify
inspection_default for the name. Otherwise, you are specifying the class you created earlier in this
procedure.
Step 4 Configure H.323 inspection.
inspect h323 {h255 | ras} [h323_policy_map]
Where h323_policy_map is the optional H.323 inspection policy map. You need a map only if you want
non-default inspection processing. For information on creating the H.323 inspection policy map, see
Configure H.323 Inspection Policy Map, page 14-6.
Example:
hostname(config-class)# no inspect h323 h225
hostname(config-class)# no inspect h323 ras

Table of Contents

Other manuals for Cisco ASA 5506-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Easy Setup Guide
Easy Setup Guide11 pages
Preview: Installation Guide
Installation Guide46 pages
Preview: Software Guide
Software Guide37 pages
Preview: Hardware Installation Guide
Hardware Installation Guide52 pages
Preview: Mount And Connect
Mount And Connect12 pages
Preview: Mount The Chassis
Mount The Chassis10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General IconGeneral
BrandCisco
ModelASA 5506-X
CategoryFirewall
LanguageEnglish

Related product manuals