«

Hi,

My company has a CISCO PIX 515E. I wish to configure it to allow VoIP
traffic. The only way I know how is through using the PDM interface
'cause I am not trained in using the command line So how can I
configure it to allow an external VoIP gateway server to access the IP
phones in my network and vice versa? The port needed to be opened is
UDP 6060. I do not mind receiving instructions in command line so
long as you let me know how to save it permanently.

Thanks.

Richard

In article < >,
Richard Loy <> wrote:
:My company has a CISCO PIX 515E. I wish to configure it to allow VoIP
:traffic. The only way I know how is through using the PDM interface
:'cause I am not trained in using the command line So how can I
:configure it to allow an external VoIP gateway server to access the IP
hones in my network and vice versa? The port needed to be opened is
:UDP 6060.


You should rethink this matter. VoIP packets need end-to-end QoS
(Quality of Service) to be served properly, in order and with priority
over (say) web page browsing. The PIX does not, however, support
QoS at all in any released version [but might in the version that
is currently in beta.]


:I do not mind receiving instructions in command line so
:long as you let me know how to save it permanently.

Log on to the pix. The default username is 'pix' (you need to know
that if you are using ssh). Put in your first level password. Give
the command 'enable'. Put in your enable password. Give the command
'config term'. Type in all the commands you need to add the accesses
you want. When you have entered all the commands, enter the command
'write mem' to save the configuration to the boot-time memory. Then
type in as many 'exit' commands as you need to log off.
--
I don't know if there's destiny,
but there's a decision! -- Wim Wenders (WoD)

On Sat, 21 Aug 2004 10:00:10 -0500, Richard Loy wrote:

> Hi,
>
> My company has a CISCO PIX 515E. I wish to configure it to allow VoIP
> traffic. The only way I know how is through using the PDM interface
> 'cause I am not trained in using the command line So how can I
> configure it to allow an external VoIP gateway server to access the IP
> phones in my network and vice versa? The port needed to be opened is
> UDP 6060. I do not mind receiving instructions in command line so long
> as you let me know how to save it permanently.
>
> Thanks.
>
> Richard

What protocol are you using? UDP/6060 really doesn't ring a bell with
me. Perhaps SIP? Either way, the pix has several "fixups". Some of
which cover voice protocols (SCCP/H323/SIP). But, there is no magic
bullet....many bugs abound, and some vendors require you to disable nat
and turn fixups off.

Post more specifics.....

Rik

Hi Rik,

My mistake. It should be UDP 5060, SIP. I could get a dial tone when
the IP Phone is plug in to my LAN. When I tried to dial a telephone
number, it just showed 'Calling XXXX' on its LCD panel, with no
indication of remote phone ringing. The remote phone is actually my
normal desk phone which, of course, did not ring. The IP phone vendor
instructed that my PIX should release the UDP port 5060 for both
incoming and outgoing to their SIP server at IP, say, 61.8.xxx.xxx.
Please pardon my ignorance. When configuring my PIX using PDM, should
I add any entry to my 'inside interface' and/or 'outside interface'?
Should their SIP server be source or destination? And, finally, which
is the inside, and which is the outside interface?

Regards,
Richard



Rik Bain <> wrote in message news:<4127d851$0$57342$ .com>...
> On Sat, 21 Aug 2004 10:00:10 -0500, Richard Loy wrote:
>
>
> What protocol are you using? UDP/6060 really doesn't ring a bell with
> me. Perhaps SIP? Either way, the pix has several "fixups". Some of
> which cover voice protocols (SCCP/H323/SIP). But, there is no magic
> bullet....many bugs abound, and some vendors require you to disable nat
> and turn fixups off.
>
> Post more specifics.....
>
> Rik

Hi Walter,
Thanks for the tips on saving settings permanently in the PIX using
command line. The IP Phones are on trial so that I can actually
experience the QoS, since the vendor claim that it is great quality.

Regards,
Richard


(Walter Roberson) wrote in message news:<cg8hmd$6ls$>...
> In article < >,
> Richard Loy <> wrote:
> :My company has a CISCO PIX 515E. I wish to configure it to allow VoIP
> :traffic. The only way I know how is through using the PDM interface
> :'cause I am not trained in using the command line So how can I
> :configure it to allow an external VoIP gateway server to access the IP
> hones in my network and vice versa? The port needed to be opened is
> :UDP 6060.
>
>
> You should rethink this matter. VoIP packets need end-to-end QoS
> (Quality of Service) to be served properly, in order and with priority
> over (say) web page browsing. The PIX does not, however, support
> QoS at all in any released version [but might in the version that
> is currently in beta.]
>
>
> :I do not mind receiving instructions in command line so
> :long as you let me know how to save it permanently.
>
> Log on to the pix. The default username is 'pix' (you need to know
> that if you are using ssh). Put in your first level password. Give
> the command 'enable'. Put in your enable password. Give the command
> 'config term'. Type in all the commands you need to add the accesses
> you want. When you have entered all the commands, enter the command
> 'write mem' to save the configuration to the boot-time memory. Then
> type in as many 'exit' commands as you need to log off.

In article <> ,
Richard Loy <> wrote:
:My mistake. It should be UDP 5060, SIP.

:The IP phone vendor
:instructed that my PIX should release the UDP port 5060 for both
:incoming and outgoing to their SIP server

If you are using PIX 6.3(2) or later [as I recall], ensure you have

fixup protocol sip udp 5060

Some of the older PIX support

fixup protocol sip 5060

(without the keyword 'udp')


lease pardon my ignorance. When configuring my PIX using PDM, should
:I add any entry to my 'inside interface' and/or 'outside interface'?

As the vendor wants incoming and outgoing -- you'd want entries
under both.

:Should their SIP server be source or destination?

The source for your rule permitting incoming SIP, and the destination
for the rule permitting outgoing SIP.

: And, finally, which
:is the inside, and which is the outside interface?

outside is where the WAN connection is plugged in. Inside is where your
LAN connection is plugged in. Think of being "inside" a walled fortress,
being attacked from "outside".
--
Before responding, take into account the possibility that the Universe
was created just an instant ago, and that you have not actually read
anything, but were instead created intact with a memory of having read it.