PIX 525 - PAT & NAT 1-1 for rtsp 554 and 7070

Unanswered Question
May 3rd, 2007

We have a PIX 525 set up to do PAT. We are having problems getting RealPlayer to work over RTSP 554 and 7070, 7071.

Question: the following Cisco site says PAT & NAT 1-1 won't work with RTSP.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#wp1063957

Look at Table 5-1; for RTSP it says no PAT and no NAT (1-1).

Is this true for NAT 1-1? Was this limited to a certain IOS?

Do we have to do pool to pool NAT for it to work?


PIX has some restrictions for streaming media.

The fixup protocol rtsp command lets PIX Firewall pass RTSP packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. PIX Firewall does not support multicast RTSP.

If you are using Cisco IP/TV, use RTSP TCP port 554 and TCP 8554:

fixup protocol rtsp 554

fixup protocol rtsp 8554

PAT is not supported with the fixup protocol rtsp command.

PIX Firewall cannot perform NAT on RTSP messages because the embedded IP addresses are contained in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and PIX Firewall cannot perform NAT on fragmented packets.

RTSP inspection does not support PAT or dual-NAT. Also, PIX Firewall cannot recognize HTTP cloaking where RTSP messages are hidden in the HTTP messages.

Try this:

Disable RTSP protocol inspection as a workaround.
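
The answer above attributes the PAT/NAT limitation to IP addresses carried inside RTSP and SDP payloads. As an added illustration (not part of the original post and not Cisco code), this Python example scans RTSP messages for the embedded addresses and ports that a firewall translating only the IP header would leave untouched; the sample messages, addresses and function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples: a SETUP request from an inside client and a DESCRIBE
# reply carrying SDP. Hosts, addresses and ports are made up for illustration.
# Function names are hypothetical, not from any Cisco tool.
SETUP = (
    "SETUP rtsp://media.example.com/clip.rm/streamid=0 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=6970-6971;destination=10.1.1.20\r\n"
    "\r\n"
)
DESCRIBE_REPLY = (
    "RTSP/1.0 200 OK\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 2890844526 2890842807 IN IP4 192.168.5.9\r\n"
    "c=IN IP4 192.168.5.9\r\n"
    "m=audio 0 RTP/AVP 0\r\n"
)

TRANSPORT_ADDR = re.compile(r"\b(destination|source)=([0-9.]+)")
TRANSPORT_PORT = re.compile(r"\b(client_port|server_port)=(\d+)(?:-(\d+))?")
SDP_ADDR = re.compile(r"^([oc])=.*\bIN IP4 ([0-9.]+)", re.M)


def embedded_endpoints(message):
    """Return (field, value) pairs that carry address/port info in the payload."""
    found = []
    for line in message.splitlines():
        if line.lower().startswith("transport:"):
            found += [(m.group(1), m.group(2)) for m in TRANSPORT_ADDR.finditer(line)]
            for m in TRANSPORT_PORT.finditer(line):
                found.append((m.group(1), m.group(2) + ("-" + m.group(3) if m.group(3) else "")))
    found += [("sdp " + m.group(1) + "=", m.group(2)) for m in SDP_ADDR.finditer(message)]
    return found


def untranslated_private(message):
    """Embedded addresses that are private (ipaddress.is_private), so unusable outside."""
    out = []
    for field, value in embedded_endpoints(message):
        try:
            if ipaddress.ip_address(value).is_private:
                out.append((field, value))
        except ValueError:
            pass  # port ranges such as "6970-6971" are not addresses
    return out
```

Any address returned by `untranslated_private` for traffic captured on the outside interface is one the remote peer cannot reach unless the firewall rewrites the payload as well as the IP header.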
