Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
240
Views
0
Helpful
1
Replies

Pix 501 and H323?

rhopkins_nci
Level 1
Level 1

‎10-08-2007 10:03 AM - edited ‎03-11-2019 04:22 AM

I have a pix 501 and 4 video conference units. I have static nat setup for them and allow inbound any network with range 1024-65535. Are there any tips or configs to make sure those h323 packets/frames traverse the firewall as quickly as possible? Should I leave or disable these statements:

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

since I have those ports open with the acl? Should I alter these statements:

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

I was wondering if there was anyway to turn off packet inspection for h323 connections other than the checking the acl. If you need anymore info let me know, thanks in advance.

Labels:
0 Helpful
1 Reply 1

tstanik
Level 5
Level 5

‎10-12-2007 01:21 PM

You should rather consider upgrading your PIX hardware if you want it to handle large video data flows. Your config for h323 packets is fine and there is no need to open ports using acl's unless you face packets drops or dis connectivity.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card