48-11
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter48 Configuring Inspection for Voice and Video Protocols
H.323 Inspection
Add/Edit H.323 Policy Map (Details)
Configuration> Global Objects > Inspect Maps > H323 > H323 Inspect Map > Advanced View
The Add/Edit H.323 Policy Map pane lets you configure the security level and additional settings for
H.323 application inspection maps.
Fields
Name—When adding an H.323 map, enter the name of the H.323 map. When editing an H.323 map,
the name of the previously configured H.323 map is shown.
Description—Enter the description of the H.323 map, up to 200 characters in length.
Security Level—Shows the security level and phone number filtering settings to configure.
State Checking—Tab that lets you configure state checking parameters for the H.323 inspect map.
Check state transition of H.225 messages—Enforces H.323 state checking on H.225 messages.
Check state transition of RAS messages—Enforces H.323 state checking on RAS messages.
Check RFC messages and open pinholes for call signal addresses in RFQ messages
Note You can enable call setup between H.323 endpoints when the Gatekeeper is inside the
network. The ASA includes options to open pinholes for calls based on the
RegistrationRequest/RegistrationConfirm (RRQ/RCF) messages. Because these RRQ/RCF
messages are sent to and from the Gatekeeper, the calling endpoint's IP address is unknown
and the ASA opens a pinhole through source IP address/port 0/0. By default, this option is
disabled. You can enable this option by setting the option in the H.323 Inspect Map.
Call Attributes—Tab that lets you configure call attributes parameters for the H.323 inspect map.
Enforce call duration limit—Enforces the absolute limit on a call.
Call Duration Limit—Time limit for the call (hh:mm:ss).
Enforce presence of calling and called party numbers—Enforces sending call party numbers
during call setup.
Tunneling and Protocol Conformance—Tab that lets you configure tunneling and protocol
conformance parameters for the H.323 inspect map.
Check for H.245 tunneling—Allows H.245 tunneling.
Action—Drop connection or log.
Check RTP packets for protocol conformance—Checks RTP/RTCP packets on the pinholes for
protocol conformance.
Limit payload to audio or video, based on the signaling exchange—Enforces the payload type
to be audio or video based on the signaling exchange.
HSI Group Parameters—Tab that lets you configure an HSI group.
HSI Group ID—Shows the HSI Group ID.
IP Address—Shows the HSI Group IP address.
Endpoints—Shows the HSI Group endpoints.
Add—Opens the Add HSI Group dialog box to add an HSI group.
Edit—Opens the Edit HSI Group dialog box to edit an HSI group.