PIX firewalling for VoIP

Unanswered Question
May 27th, 2007

Hi everyone,

Since firewalling is not my strongest suite I am just after some best practices for the following scenario.

I have a VoIP setup with handsets connecting to 3750 switches (and the computers hanging off the VoIP sets) with all voice traffic on vlan 200 and normal data on vlan 100.

I need to move the call manager behind a PIX to terminate E1's for external voice access. My problem is all VoIP/vlan200 devices currently reside on the 192.168.200/24 subnet. I wish to keep the call manager in the same subnet (behind the 'outside' interface) however I dont seem to be able to do this (as I use a 192.168.200/24 IP for the inside interface to get back onto the network the VoIP sets reside on).

Are there any best practices for this scenario? I need to keep the traffic for VoIP handsets in the same subnet/vlan but im a little stumped as to how one would do this with a PIX in the middle.

The PIX itself is a PIX 501 running 6.3.

Any advice would be helpful.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion