To accommodate ongoing development of the H.323 protocol, you might want to allow traffic containing new H.323 message types. The unknown H.323 message type feature enables you to configure the J-series device to accept H.323 traffic containing unknown message types in both NAT and route modes.
Before You Begin
For background information, read Understanding the H.323 ALG.
This feature enables you to specify how unidentified H.323 messages are handled by the J-series device. The default is to drop unknown (unsupported) messages. We do not recommend permitting unknown messages because they can compromise security. However, in a secure test or production environment, this command can be useful for resolving interoperability issues with disparate vendor equipment. Permitting unknown H.323 messages can help you get your network operational, so that you can analyze your VoIP traffic to determine why some messages are being dropped.
Note that this command applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol and you have configured the J-series device to permit unknown message types, the message is forwarded without processing.
To configure the allow unknown messages feature, use either J-Web or the CLI configuration editor.
To configure the J-series device to allow unknown H.323 message types in both route and NAT modes using the J-Web configuration editor:
The Configuration page appears.
In this example, you configure the J-series device to allow unknown H.323 message types in both route and NAT modes.
- user@host# set security alg h323 application-screen unknown-message permit-nat-applied permit-routed
If you are finished configuring the J-series device, commit the configuration.
To check the configuration, see Verifying the H.323 Configuration.
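Because permitting unknown messages is intended for troubleshooting and the default is to drop them, it is worth checking afterwards whether the setting was left in place. The following Python check is an added example, not part of the original documentation or of any Juniper tooling; it assumes the configuration is available as set-format text (optionally with the `user@host#` prompt), and the function names and sample input are constructed for illustration.

```python
import re

# Statement path taken from the CLI example on this page.
PATH = ["security", "alg", "h323", "application-screen", "unknown-message"]
# Option keyword -> mode in which unknown H.323 messages are forwarded unprocessed.
MODES = {"permit-nat-applied": "NAT", "permit-routed": "route"}
# Optional "user@host#" prompt, then a set or delete statement.
STATEMENT = re.compile(r"^(?:\S+@\S+#\s*)?(set|delete)\s+(.+)$")


def permitted_modes(config_text):
    """Return the sorted modes in which unknown H.323 messages are permitted."""
    active = set()
    for raw in config_text.splitlines():
        match = STATEMENT.match(raw.strip())
        if not match:
            continue  # blank lines, comments, anything that is not set/delete
        verb, tokens = match.group(1), match.group(2).split()
        options = {t for t in tokens[len(PATH):] if t in MODES}
        if tokens[:len(PATH)] == PATH:
            if verb == "set":
                active |= options
            else:
                # "delete ... unknown-message" with no option removes both.
                active -= options or set(MODES)
        elif verb == "delete" and tokens == PATH[:len(tokens)]:
            active.clear()  # a parent of the statement was deleted
    return sorted(MODES[o] for o in active)


def report(config_text):
    """Summarize the finding as a single line for an audit log."""
    modes = permitted_modes(config_text)
    if not modes:
        return "OK: unknown H.323 messages are dropped (default)"
    return "REVIEW: unknown H.323 messages permitted in " + " and ".join(modes) + " mode"


# Constructed sample input, not captured from a real device.
SAMPLE_TROUBLESHOOTING = """\
user@host# set security alg h323 application-screen unknown-message permit-nat-applied permit-routed
"""
SAMPLE_PARTIAL_ROLLBACK = SAMPLE_TROUBLESHOOTING + """\
user@host# delete security alg h323 application-screen unknown-message permit-routed
"""

if __name__ == "__main__":
    print(report(SAMPLE_TROUBLESHOOTING))
    print(report(SAMPLE_PARTIAL_ROLLBACK))
```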