Cisco Cisco IOS Software Release 12.4(11)T
H.323 RAS Support in Cisco IOS Firewall
Configuration Examples for H.225 RAS Protocol Inspection
5
Cisco IOS Security Configuration Guide
Configuration Examples for H.225 RAS Protocol Inspection
This section contains the following configuration example:
•
H.323 RAS Protocol Inspection Configuration: Example
The following example shows how to configure an H.323 RAS protocol inspection policy:
class-map type inspect match-any c1
match protocol h323
match protocol h225ras
class-map type inspect match-all c2
match protocol icmp
!
policy-map type inspect p1
class type inspect c1
inspect
class class-default
drop
policy-map type inspect p2
class type inspect c2
inspect
class class-default
drop
!
zone security z1
description One-Network zone
zone security z2
description Two-Network zone
zone-pair security zp source z1 destination z2
service-policy type inspect p1
zone-pair security zp-rev source z2 destination z1
service-policy type inspect p2
!
interface FastEthernet1/0
ip address 10.0.0.0 255.255.0.0
zone-member security z1
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 10.0.1.1 255.255.0.0
zone-member security z2
duplex auto
speed auto