Cisco Systems ASA 5580 User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 11      Configuring Inspection for Voice and Video Protocols
  H.323 Inspection
The following example shows how to configure phone number filtering:
ciscoasa(config)# regex caller1 "5551234567"
ciscoasa(config)# regex caller2 "5552345678"
ciscoasa(config)# regex caller3 "5553456789"
ciscoasa(config)# class-map type inspect h323 match-all h323_traffic
ciscoasa(config-cmap)# match called-party regex caller1
ciscoasa(config-cmap)# match calling-party regex caller2
ciscoasa(config)# policy-map type inspect h323 h323_map
ciscoasa(config-pmap)# parameters
ciscoasa(config-pmap-p)# class h323_traffic
ciscoasa(config-pmap-c)# drop
Configuring H.323 and H.225 Timeout Values
To configure the idle time after which an H.225 signalling connection is closed, use the timeout h225 
command. The default for H.225 timeout is one hour.
To configure the idle time after which an H.323 control connection is closed, use the timeout h323 
command. The default is five minutes.
Verifying and Monitoring H.323 Inspection
This section describes how to display information about H.323 sessions. This section includes the 
following topics:
Monitoring H.225 Sessions 
The show h225 command displays information for H.225 sessions established across the ASA. Along 
with the debug h323 h225 event, debug h323 h245 event, and show local-host commands, this 
command is used for troubleshooting H.323 inspection engine issues. 
Before entering the show h225, show h245, or show h323-ras commands, we recommend that you 
configure the pager command. If there are a lot of session records and the pager command is not 
configured, it may take a while for the show command output to reach its end. If there is an abnormally 
large number of connections, check that the sessions are timing out based on the default timeout values 
or the values you have set. If they are not, then there is a problem that needs to be investigated.
The following is sample output from the show h225 command:
ciscoasa# show h225
Total H.323 Calls: 1
1 Concurrent Call(s) for
    Local:   10.130.56.3/1040   Foreign: 172.30.254.203/1720
    1. CRV 9861
    Local:   10.130.56.3/1040   Foreign: 172.30.254.203/1720
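
The check described above (looking for an abnormally large number of sessions in show h225 output) can be scripted against a saved capture. The following is an added example, not part of the Cisco guide: the function names, the per-connection threshold, and the second connection in the sample are assumptions made for illustration.

```python
import re

# Constructed sample in the layout shown above; second connection and CRVs are made up.
SAMPLE = """\
Total H.323 Calls: 3
1 Concurrent Call(s) for
    Local:   10.130.56.3/1040   Foreign: 172.30.254.203/1720
    1. CRV 9861
    Local:   10.130.56.3/1040   Foreign: 172.30.254.203/1720
2 Concurrent Call(s) for
    Local:   10.130.56.4/1050   Foreign: 172.30.254.205/1720
    1. CRV 1201
    Local:   10.130.56.4/1050   Foreign: 172.30.254.205/1720
    2. CRV 1202
    Local:   10.130.56.4/1050   Foreign: 172.30.254.205/1720
"""
TOTAL_RE = re.compile(r"Total H\.323 Calls:\s*(\d+)")
GROUP_RE = re.compile(r"\d+ Concurrent Call\(s\) for")
PAIR_RE = re.compile(r"Local:\s*(\S+)\s+Foreign:\s*(\S+)")
CRV_RE = re.compile(r"\d+\.\s*CRV\s+(\d+)")

def parse_show_h225(text):
    """Return (total_calls, groups); one group per H.225 signalling connection."""
    total, groups = None, []
    for line in map(str.strip, text.splitlines()):
        if m := TOTAL_RE.match(line):
            total = int(m.group(1))
        elif GROUP_RE.match(line):
            groups.append({"conn": None, "crvs": []})
        elif groups and (m := CRV_RE.match(line)):
            groups[-1]["crvs"].append(int(m.group(1)))
        elif groups and groups[-1]["conn"] is None and (m := PAIR_RE.match(line)):
            # First Local/Foreign pair names the connection; per-CRV repeats are skipped.
            groups[-1]["conn"] = (m.group(1), m.group(2))
    return total, groups

def review(text, max_calls=1):
    """Flag truncated captures and connections above the (assumed) call threshold."""
    total, groups = parse_show_h225(text)
    listed = sum(len(g["crvs"]) for g in groups)
    findings = []
    if total != listed:
        findings.append(("incomplete", total, listed))
    for g in groups:
        if len(g["crvs"]) > max_calls:
            findings.append(("busy", g["conn"], len(g["crvs"])))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

An "incomplete" finding means the capture stopped before every call counted in the Total line was listed, so the output should be collected again before the counts are trusted.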