H.323 Inspection
Note
The system enters HSI group configuration mode and the CLI prompt changes accordingly.
Define an HSI for the group.
c.
hostname(config-h225-map-hsi-grp)# hsi ip_address
where ip_address is the addresses of the HSI.
Define up to ten endpoints. To do so, use the endpoint command once per endpoint, as follows.
d.
hostname(config-h225-map-hsi-grp)# endpoint ip_address interface
where interface with the interface on the FWSM that is connected to the endpoint and ip_address is
the addresses of the endpoint.
If you need to create additional HSI groups, repeat step
e.
Create a policy map or modify an existing policy map that you want to use to apply the H.323 inspection
Step 5
engine to H.323 traffic. To do so, use the policy-map command, as follows.
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration
mode and the prompt changes accordingly.
Specify the class map, created in
Step 6
so, as follows.
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in
map class configuration mode and the prompt changes accordingly.
Enable H.323 application inspection. To do so, use the inspect h323 command, as follows.
Step 7
hostname(config-pmap-c)# inspect h323 [h225 map_name]
hostname(config-pmap-c)#
where map_name is the H.225 map that you may have created in optional
Use the service-policy command to apply the policy map globally or to a specific interface, as follows:
Step 8
hostname(config-pmap-c)# service-policy policy_map_name [global | interface interface_ID]
hostname(config)#
where policy_map_name is the policy map you configured in
to traffic on all the interfaces, use the global option. If you want to apply the policy map to traffic on a
specific interface, use the interface interface_ID option, where interface_ID is the name assigned to the
interface with the nameif command.
The FWSM begins inspecting H.323 traffic, as specified.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-52
The maximum number of HSI groups allowed per H.225 map is five.
Step
Chapter 22
Applying Application Layer Protocol Inspection
b.
through
2, that identifies the H.323 traffic. Use the class command to do
Step
d.
Step
2. The CLI enters the policy
Step
4.
5. If you want to apply the policy map
OL-20748-01