PIX and SIP

dngo01 · ‎06-14-2001

Please help me to provide an example of configuration to allow SIP with SDP information traversing the PIX Firewall.

According to the PIX Release Note version 6, SIP support is enhanced to read the IP address and port number in SIP messages body, but there is no explanation of how it works and no example to set up the rules.

Any help is appreciated.

mmellet · ‎06-19-2001

If SIP is enabled through the firewall with a conduit on port 5060, support is automatically enabled (see the fixup protocol sip command). It would be best to use a SIP proxy server like http://www.cisco.com/univercd/cc/td/doc/product/voice/sipproxy/cdinst/solinst.htm in combination with the PIX.

dngo01 · ‎06-19-2001

Thank you for your help.

Let me summarize this:

Using PIX and SIP proxy server, I can use the command "Fixup protocol sip 5060" to enable SIP support. Then, PIX will dynamically translate (NAT'ed)incoming/outgoing IP and port address contained in the SDP. There is no setup for this (NAT) translation.

Is my understanding correct?

Thanks.

mmellet · ‎06-21-2001

It looks good to me. fixup protocol sip 5060 is on by default so the PIX should inspect the payload of the port 5060 packet and fix the NAT where applicable.