cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
0
Helpful
1
Replies

PIX 525 - PAT & NAT 1-1 for rtsp 554 and 7070

trangen
Level 1
Level 1

We have a PIX 525, setup to do PAT, we are having problems getting RealPlayer to work, over rtsp 554 and 7070, 7071.

Question, the following cisco site says PAT & NAT 1-1 won't work with rtsp.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#wp1063957

look at table 5-1, and rtsp it says no PAT and no NAT (1-1).

Is this true for NAT 1-1? was this limited to a certain IOS?

Do we have to do pool to pool NAT for it to work?

1 Reply 1

wong34539
Level 6
Level 6

PIX having some restriction for Streaming Media.

The fixup protocol rtsp command lets PIX Firewall pass RTSP packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. PIX Firewall does not support multicast RTSP.

If you are using Cisco IP/TV, use RTSP TCP port 554 and TCP 8554:

fixup protocol rtsp 554

fixup protocol rtsp 8554

PAT is not supported with the fixup protocol rtsp command

PIX Firewall cannot perform NAT on RTSP messages because the embedded IP addresses are contained in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and PIX Firewall cannot perform NAT on fragmented packets.

RTSP inspection does not support PAT or dual-NAT. Also, PIX Firewall cannot recognize HTTP cloaking where RTSP messages are hidden in the HTTP messages.

Try this:

Disable RTSP protocol inspection as a workaround

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: