H323

CBAC supports the following H.323 inspection:

• H.323v1: When a TCP connection is created between the client and server (H.225), a separate channel for media control (H.245) is opened, through which multimedia channels for audio and video are further negotiated.

• H.323v2: Provides additional options, including "fast start." The fast start option minimizes the delay between the time the user initiates a connection and the time that the user gets data. This version is backward-compatible with version 1 inspection. The client opens a connection to the server on port 1720. The data channel between the client and the server is dynamically negotiated using UDP ports between 1024 and 65,536.

CBAC uses the client port and connection information to create dynamic entries in the ACL. As the connections are terminated, CBAC removes the dynamic entries from the ACL.
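
The following configuration is an added example, not taken from the original page, showing how H.323 inspection is typically paired with a restrictive inbound ACL so that only the channels CBAC has tracked are let back in. The rule name FW-OUT, ACL number 101, interface names and addresses are assumptions chosen for illustration.

```text
! Constructed example: FW-OUT, ACL 101, interfaces and addresses are assumptions.
!
! Inspection rule: track H.323 call setup (TCP 1720) and the
! dynamically negotiated H.245 and media channels.
ip inspect name FW-OUT h323
!
! Static policy on the outside interface: nothing is permitted inbound.
! CBAC adds temporary permit entries ahead of this line for return
! traffic belonging to inspected sessions and removes them when the
! sessions terminate.
access-list 101 deny ip any any log
!
interface GigabitEthernet0/0
 description Inside, H.323 clients
 ip address 10.0.0.1 255.255.255.0
 ! Inspect traffic as it enters the router from the clients
 ip inspect FW-OUT in
!
interface GigabitEthernet0/1
 description Outside
 ip address 203.0.113.1 255.255.255.0
 ip access-group 101 in
```

While a call is up, `show ip inspect sessions` lists the sessions CBAC is tracking; because ACL 101 contains only a deny, any H.323 traffic that gets through inbound does so through the dynamic entries.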
