Which statement about application inspection of SAF network services on an adaptive security
appliance is true?
A.
The adaptive security appliance can inspect and learn the ephemeral port numbers that are used
by H.225 and H.245 on SAF-enabled H.323 trunks.
B.
An explicit ACL must be configured on the adaptive security appliance for SAF-enabled SIP trunks.
C.
An explicit ACL must be configured on the adaptive security appliance for SAF-enabled H.323
trunks to account for ephemeral port numbers that are used by H.225 and H.245.
D.
The adaptive security appliance can inspect and learn the ephemeral port numbers that are used
by H.225 on SAF-enabled H.323 trunks, but H.245 ports must be explicitly defined.
E.
The adaptive security appliance provides full application inspection for SAF network services.
Explanation:
The Adaptive Security Appliances do not have application inspection for the SAF network service.
When Unified CM uses a SAF-enabled H.323 trunk to place a call, the ASA cannot inspect the SAF
packet to learn the ephemeral port number used in the H.225 signaling. Therefore, in scenarios
where call traffic from SAF-enabled H.323 trunks traverses the ASAs, ACLs must be configured on the
ASAs to allow this signaling traffic. The ACL configuration must account for all the ports used by the
H.225 and H.245 signaling.
Cisco Collaboration 9.x Solution Reference Network Designs (SRND) page 4-34