Chapter 22
Applying Application Layer Protocol Inspection
Outside gatekeeper configuration (GK):
gatekeeper
zone local GK cisco.com 10.0.0.6
zone cluster local gup-cluster GK
element inGK 10.0.0.7 1719
Inside gatekeeper configuration (inGK):
gatekeeper
zone local inGK cisco.com 10.0.0.7
zone cluster local gup-cluster inGK
element GK 10.0.0.6 1719
When the H.323 GUP session is established in this configuration, the following is output from the show
h323 gup command:
hostname(config)# show h323 gup
No.
1
The following output from the show conn command shows the secondary channel established between
the H.323 Gatekeepers and the H.323 GUP connections marked with the flag n.
hostname(config)# show conn
3 in use, 37 most used
Network Processor 1 connection
UDP out 209.165.201.6:1719 in 10.0.0.7:1719 idle 0:00:45 Bytes 672
FLAGS - H
TCP out 209.165.201.6:22754 in 10.0.0.7:15970 idle 0:00:04 Bytes 1188 FLAGS - UBIn
Network Processor 2 connections
Multicast sessions:
Network Processor 1 connection
Network Processor 2 connections
IPv6 connections:
H.323 Sample Configuration
Figure 22-10
Figure 22-10
H.323 Inspection Setup
R2
4085550100
Analog
Cisco 3745
phone
H.323 Gateway
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
LOCAL
inside:10.0.0.7/15970
shows a sample configuration for H.323 inspection.
outside
vlan 100
209.100.100.2
Firewall Service Module
(FWSM)
FOREIGN
Outside:209.165.201.6/22754
inside
vlan 50
10.100.100.2
Cisco 3745
H.323 Gateway
Cisco 3745
Gatekeeper
H.323 Inspection
R1
4085550199
Analog
phone
22-57