Cisco Systems CL-28826-01 Security Camera User Manual


17-45
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring H.323 Maps
Use the Add and Edit H.323 Map dialog boxes to define the match criterion and values for an H.323
inspect map. An H.323 policy map lets you change the default configuration values used for H.323
inspection.
H.323 inspection supports H.323-compliant applications such as Cisco CallManager and VocalTec
Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication Union for
multimedia conferences over LANs. The security appliance supports H.323 through Version 4, including
the H.323 v3 feature Multiple Calls on One Call Signaling Channel.
With H.323 inspection enabled, the security appliance supports multiple calls on the same call signaling
channel, a feature introduced with H.323 Version 3. This feature reduces call setup time and reduces the
use of ports on the security appliance. The two major functions of H.323 inspection are as follows:
- NAT the necessary embedded IPv4 addresses in the H.225 and H.245 messages. Because H.323
  messages are encoded in PER encoding format, the security appliance uses an ASN.1 decoder to
  decode the H.323 messages.
- Dynamically allocate the negotiated H.245 and RTP/RTCP connections.
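The two inspection functions listed above, as a simplified model. This is an added example, not Cisco code: the messages are constructed, already-decoded dictionaries (the PER/ASN.1 decoding step is not reproduced), and the addresses, NAT mapping and function names are assumptions for illustration. The names h245Address, mediaChannel and mediaControlChannel are the H.225/H.245 fields that carry the embedded transport addresses.

```python
# Simplified model of the two H.323 inspection functions (added example).
# Messages are constructed, already-decoded dicts; real H.225/H.245 messages
# are PER-encoded and must pass through an ASN.1 decoder first.

EMBEDDED_FIELDS = {
    # field name -> (transport protocol, dynamic connection it negotiates)
    "h245Address": ("tcp", "H.245"),         # carried in H.225 call signaling
    "mediaChannel": ("udp", "RTP"),          # carried in H.245 channel messages
    "mediaControlChannel": ("udp", "RTCP"),
}


def inspect(messages, nat_map):
    """Return (rewritten_messages, pinholes).

    nat_map maps real (inside) IPv4 addresses to their mapped addresses.
    Addresses without a NAT entry pass through unchanged.
    """
    rewritten, pinholes = [], []
    for msg in messages:
        out = dict(msg)
        for field, (proto, role) in EMBEDDED_FIELDS.items():
            if field not in msg:
                continue
            ip, port = msg[field]
            mapped_ip = nat_map.get(ip, ip)
            out[field] = (mapped_ip, port)   # function 1: NAT the embedded address
            # function 2: record the negotiated connection to allocate
            pinholes.append({"role": role, "proto": proto,
                             "real": (ip, port), "mapped": (mapped_ip, port)})
        rewritten.append(out)
    return rewritten, pinholes


# Constructed sample: inside endpoint 10.1.1.5 is translated to 203.0.113.5.
NAT_MAP = {"10.1.1.5": "203.0.113.5"}
SAMPLE = [
    {"proto": "H.225", "type": "Connect", "h245Address": ("10.1.1.5", 11000)},
    {"proto": "H.245", "type": "OpenLogicalChannelAck",
     "mediaChannel": ("10.1.1.5", 20000),
     "mediaControlChannel": ("10.1.1.5", 20001)},
]

if __name__ == "__main__":
    msgs, holes = inspect(SAMPLE, NAT_MAP)
    for item in msgs + holes:
        print(item)
```

Without the rewrite step, the far end would receive the untranslated 10.1.1.5 address inside the payload even though the packet header had been translated.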
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > H.323
(ASA/PIX/FWSM) from the Object Type selector. Right-click inside the work area, then select New
Object, or right-click a row and select Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Configuring Class Maps for Inspection Policies, page 17-26
Table 17-23 GTP Policy Maps Add and Edit Match Condition and Action Dialog Boxes (Continued)

Element          Description
ID Type          The numeric identifier of the message that you want to act on.
                 Value—A single message ID.
                 Range—A range of message IDs.
Minimum Length   The minimum number of bytes in the UDP payload.
Maximum Length   The maximum number of bytes in the UDP payload.
Version Type     The GTP version as a single value or range of values.
                 Use 0 to identify Version 0 and 1 to identify Version 1. Version 0 of
                 GTP uses port 2123, while Version 1 uses port 3386. By default all GTP
                 versions are allowed.

Field Reference

Table 17-24 Add and Edit H.323 Map Dialog Boxes

Element          Description
Name             The name of the policy object. A maximum of 40 characters is allowed.