H.323 inspection – Cisco ASA 5505 User Manual


44-3

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 44 Configuring Inspection for Voice and Video Protocols

H.323 Inspection

The line beginning with "RTP/RTCP: PAT xlates:" appears only if an internal CTI device has registered
with an external CallManager and the CTI device address and ports are PATed to that external interface.
This line does not appear if the CallManager is located on an internal interface, or if the internal CTI
device address and ports are translated to the same external interface that is used by the CallManager.

The output indicates a call has been established between this CTI device and another phone at
172.29.1.88. The RTP and RTCP listening ports of the other phone are UDP 26822 and 26823. The other
phone is located on the same interface as the CallManager because the ASA does not maintain a CTIQBE
session record associated with the second phone and CallManager. The active call leg on the CTI device
side can be identified with Device ID 27 and Call ID 0.

The following is sample output from the show xlate debug command for these CTIQBE connections:

hostname# show xlate debug
3 in use, 3 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       r - portmap, s - static
TCP PAT from inside:10.0.0.99/1117 to outside:172.29.1.99/1025 flags ri idle 0:00:22 timeout 0:00:30
UDP PAT from inside:10.0.0.99/16908 to outside:172.29.1.99/1028 flags ri idle 0:00:00 timeout 0:04:10
UDP PAT from inside:10.0.0.99/16909 to outside:172.29.1.99/1029 flags ri idle 0:00:23 timeout 0:04:10
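
When auditing which inside hosts have media pinholes open through PAT, the show xlate debug output above can be parsed and the UDP translations grouped into RTP/RTCP pairs. The following is an added example, not part of the Cisco guide: the function names are hypothetical, and pairing an even port with the next odd port relies on the usual RTP/RTCP port convention, which is an assumption here.

```python
import re

# Constructed sample: this page's show xlate debug output, timeout lines wrapped.
SAMPLE = """\
3 in use, 3 most used
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       r - portmap, s - static
TCP PAT from inside:10.0.0.99/1117 to outside:172.29.1.99/1025 flags ri idle 0:00:22
 timeout 0:00:30
UDP PAT from inside:10.0.0.99/16908 to outside:172.29.1.99/1028 flags ri idle 0:00:00
 timeout 0:04:10
UDP PAT from inside:10.0.0.99/16909 to outside:172.29.1.99/1029 flags ri idle 0:00:23
 timeout 0:04:10
"""

# Flag letters as listed in the legend of that output.
FLAGS = {"D": "DNS", "d": "dump", "I": "identity", "i": "inside",
         "n": "no random", "r": "portmap", "s": "static"}

ENTRY = re.compile(
    r"(?P<proto>TCP|UDP) PAT from (?P<in_if>\S+?):(?P<in_ip>[\d.]+)/(?P<in_port>\d+) "
    r"to (?P<out_if>\S+?):(?P<out_ip>[\d.]+)/(?P<out_port>\d+) "
    r"flags (?P<flags>\S+) idle (?P<idle>[\d:]+)\s+timeout (?P<timeout>[\d:]+)")

def seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def parse_xlates(text):
    """Return one dict per PAT entry; wrapped 'timeout' lines are rejoined."""
    joined = re.sub(r"\s*\n\s*(?=timeout )", " ", text)
    entries = []
    for m in ENTRY.finditer(joined):
        e = m.groupdict()
        e["in_port"], e["out_port"] = int(e["in_port"]), int(e["out_port"])
        e["flags"] = [FLAGS.get(c, "unknown:" + c) for c in e["flags"]]
        e["idle"], e["timeout"] = seconds(e["idle"]), seconds(e["timeout"])
        entries.append(e)
    return entries

def media_pairs(entries):
    """Pair UDP xlates of one inside host: even port (RTP) + next odd port (RTCP)."""
    udp = {(e["in_ip"], e["in_port"]): e for e in entries if e["proto"] == "UDP"}
    return [(e, udp[(ip, port + 1)]) for (ip, port), e in sorted(udp.items())
            if port % 2 == 0 and (ip, port + 1) in udp]

if __name__ == "__main__":
    for rtp, rtcp in media_pairs(parse_xlates(SAMPLE)):
        print(rtp["in_ip"], "RTP", rtp["out_port"], "RTCP", rtcp["out_port"])
```

Run against the sample, the TCP translation (the CTIQBE control session) is left unpaired and the two UDP translations are reported as one media pair for 10.0.0.99.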

The show conn state ctiqbe command displays the status of CTIQBE connections. In the output, the
media connections allocated by the CTIQBE inspection engine are denoted by a ‘C’ flag. The following
is sample output from the show conn state ctiqbe command:

hostname# show conn state ctiqbe
1 in use, 10 most used

hostname# show conn state ctiqbe detail
1 in use, 10 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
       B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
       E - outside back connection, F - outside FIN, f - inside FIN,
       G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
       i - incomplete, J - GTP, j - GTP data, k - Skinny media,
       M - SMTP data, m - SIP media, O - outbound data, P - inside back connection,
       q - SQL*Net data, R - outside acknowledged FIN,
       R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,
       s - awaiting outside SYN, T - SIP, t - SIP transient, U - up

H.323 Inspection

This section describes the H.323 application inspection. This section includes the following topics:

H.323 Inspection Overview, page 44-4

How H.323 Works, page 44-4

H.239 Support in H.245 Messages, page 44-5

Limitations and Restrictions, page 44-5

Configuring an H.323 Inspection Policy Map for Additional Inspection Control, page 44-6

Configuring H.323 and H.225 Timeout Values, page 44-9

Verifying and Monitoring H.323 Inspection, page 44-9
