Cisco 400-051 Exam

Which statement about application inspection of SAF network services on an adaptive security appliance is true?

  • A. The adaptive security appliance can inspect and learn the ephemeral port numbers that are used by H.225 and H.245 on SAF-enabled H.323 trunks.
  • B. An explicit ACL must be configured on the adaptive security appliance for SAF-enabled SIP trunks.
  • C. An explicit ACL must be configured on the adaptive security appliance for SAF-enabled H.323 trunks to account for ephemeral port numbers that are used by H.225 and H.245.
  • D. The adaptive security appliance can inspect and learn the ephemeral port numbers that are used by H.225 on SAF-enabled H.323 trunks, but H.245 ports must be explicitly defined.
  • E. The adaptive security appliance provides full application inspection for SAF network services.
Answer: Option C.
Explanation: 

Adaptive Security Appliances (ASAs) do not provide application inspection for the SAF network service. When Unified CM uses a SAF-enabled H.323 trunk to place a call, the ASA cannot inspect the SAF packet to learn the ephemeral port number used in the H.225 signaling. Therefore, where call traffic from SAF-enabled H.323 trunks traverses the ASAs, ACLs must be configured on the ASAs to allow this signaling traffic. The ACL configuration must account for all the ports used by the H.225 and H.245 signaling.
Reference: Cisco Collaboration 9.x Solution Reference Network Designs (SRND) page 4-34
