PIX 525 and H.323 handling

03-04-2008

Does the PIX 525 have H.323 aware NAT? I've got a videoconferencing
app behind the PIX that I'd like to provide outside access to a
vendor.

The last thing that was changed to get it to work was to fix the NAT
transversal setting in the videoconferencing software. It was set to
the local IP address of the machine, rather than the global address.
Shouldn't the PIX have translated this anyway? I would have expected
that the PIX would be H.323 aware and do this by default. I'm not sure
I can tell by the documentation online.

03-04-2008

Which version are you running?

On Mar 4, 2:34*pm, pfisterfarm <pfisterf...@gmail.com> wrote:
> Does the PIX 525 have H.323 aware NAT? I've got a videoconferencing
> app behind the PIX that I'd like to provide outside access to a
> vendor.
>
> The last thing that was changed to get it to work was to fix the NAT
> transversal setting in the videoconferencing software. It was set to
> the local IP address of the machine, rather than the global address.
> Shouldn't the PIX have translated this anyway? I would have expected
> that the PIX would be H.323 aware and do this by default. I'm not sure
> I can tell by the documentation online.

03-04-2008

On Mar 4, 10:29 am, "pmach...@gmail.com" <pmach...@gmail.com> wrote:
> Which version are you running?

It's 7.2(2).

--Steve

03-05-2008

On Mar 4, 6:33*pm, pfisterfarm <pfisterf...@gmail.com> wrote:
> On Mar 4, 10:29 am, "pmach...@gmail.com" <pmach...@gmail.com> wrote:
>
> > Which version are you running?
>
> It's 7.2(2).
>
> --Steve

Try to disable fixup:

policy-map global_policy
class inspection_default
no inspect h323 h225
no inspect h323 ras

Depends on the videoconf device but some of them support the nat
traversal by setting the inside and outside address.
Therefore, the pix/asa fixup should be disabled.

Just a guess ...

Regards,
Pedro

03-06-2008

On Mar 5, 11:31 am, "pmach...@gmail.com" <pmach...@gmail.com> wrote:
> policy-map global_policy
> class inspection_default
> no inspect h323 h225
> no inspect h323 ras

So this will allow me to leave the NAT transversal option off on the
videoconferencing software?

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Pix 525 and Version 7.0(4) Transparent mode and vlans	alsgto	Cisco	0	07-18-2006 08:38 PM
PIX 525 and interfaces	MA	Cisco	1	03-01-2005 11:00 PM
VPN from Symantec 5440 and PIX 525.	AM	Cisco	0	02-23-2005 06:05 PM
PIX 525 and two PIX-4FE-66=	ka-50	Cisco	1	10-19-2004 03:12 PM
Cisco 3500 switch, PIX 525 and PortFast	Gary	Cisco	3	07-16-2004 10:05 PM