Question on h.323 and PIX 525 with NAT

Unanswered Question
Jul 15th, 2009
User Badges:

I'm having some trouble with h.323 (video) calls through a PIX 525 using NAT. We can get incoming calls fine, but not outgoing calls for some reason. My question has to do with 'inspect h323' vs 'fixup protocol h323'. What's the difference between them? The video conferencing unit in question has a NAT transversal option where I can supply an address and mask.I'm wondering if I'm having a NAT transversal problem anyway. Which one would handle the NAT transversal, inspect or fixup? Currently, the PIX config has:

inspect h323 h225

inspect h323 ras

do I need:

fixup protocol h323 h225 1718-1720

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

instead of the inspect commands? In addition to them?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
plumbis Wed, 07/15/2009 - 10:52
User Badges:
  • Silver, 250 points or more

depending on your version of code entering the fixup command will automatically be translated to inspect commands.

There are a lot of things at play here including the type of NAT and the version of h323/h225 are you running.

spfister336 Fri, 07/17/2009 - 07:02
User Badges:

The NAT is a dynamic mapping. How do I find out what version of h323/h225 is in effect?

I tried it without the inspect statement (there's a NAT transversal option which has the current external address, so it shouldn't be needed) and had the same results...


This Discussion