Cisco IOS Software Release 12.4(11)T
H.323 RAS Support in Cisco IOS Firewall
How to Configure a Firewall Policy for H.323 RAS Protocol Inspection
Cisco IOS Security Configuration Guide
Creating a Policy Map for H.323 RAS Protocol Inspection
Use this task to create a policy map for a firewall policy that will be attached to zone pairs.
Note: If you are creating an inspect type policy map, only the following actions are allowed: drop, inspect, police, and pass.
SUMMARY STEPS
1. enable
2. configure terminal
3. policy-map type inspect policy-map-name
4. class type inspect class-name
5. inspect [parameter-map-name]
6. police rate bps burst size
7. drop [log]
8. pass
9. exit
Step 4
Command or Action: match access-group {access-group | name access-group-name}
Example: Router(config-cmap)# match access-group 101
Purpose: (Optional) Configures the match criterion for a class map based on the access control list (ACL) name or number.

Step 5
Command or Action: match protocol protocol-name [signature]
Example: Router(config-cmap)# match protocol h225ras
Purpose: Configures the match criterion for a class map on the basis of a specified protocol.
Note: You should specify the h225ras keyword to create a class-map for H.225 RAS protocol classification. For a list of supported protocols, use the command-line interface (CLI) help option (?) on your platform.

Step 6
Command or Action: match class-map class-map-name
Example: Router(config-cmap)# match class-map c1
Purpose: (Optional) Specifies a previously defined class as the match criterion for a class map.

Step 7
Command or Action: exit
Example: Router(config-cmap)# exit
Purpose: Returns to global configuration mode.
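The class-map steps and the policy-map summary steps above, put together as one configuration. This is an added example, not taken from the Cisco guide: the names h323-ras-cmap, h323-ras-pmap, inside, outside and in-out are hypothetical, and the zone and zone-pair commands are assumed from the zone-based firewall feature set because they are not shown on this page.

```cisco
! Added example. All object names below are hypothetical.
!
! Class map: classify H.225 RAS traffic (Step 5 of the class-map task).
class-map type inspect match-any h323-ras-cmap
 match protocol h225ras
!
! Policy map: inspect the RAS class. Inside an inspect type policy map
! only drop, inspect, police and pass are allowed as actions.
policy-map type inspect h323-ras-pmap
 class type inspect h323-ras-cmap
  inspect
 ! Everything that did not match the RAS class is dropped and logged,
 ! so the policy fails closed and unexpected traffic is visible.
 class class-default
  drop log
!
! Zones and zone pair (assumed, not shown on this page). The policy map
! has no effect until it is attached to a zone pair.
zone security inside
zone security outside
zone-pair security in-out source inside destination outside
 service-policy type inspect h323-ras-pmap
```

Using inspect rather than pass for the RAS class keeps the firewall stateful for that traffic, while the explicit drop log on class-default gives a log entry for anything the class map did not classify.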