H323 - PIX 515E

fmandruzzato · ‎11-06-2003

hi everyone

my problem's about right configurationf for a pix

515e running 6.3.3

the pix is installed between the router which is the end-point to the internet and the internal lan.

The PIX shounld:

make dynamic nat for the private clients for navigating

make static nat for a private GK installed on the private network (the same of the clients) on one pubblic address

---|

ROUTER ----- pif 515e (failover) | private Net

---| (gk and video

inside here)

the videocommunication from the video conference box (video) works like this:

i see and hear the other part

they cant hear and see me

gateways are ok.

Is that possible that making dynamic nat for the whole private network creates problems to the static nat configured for the GK (which is in the same private net) ?

anyone heard particular problems with 6.3.3 regarding

h323?

FROM the CISCO site

(http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#1079378) :

". If you configure a network static where the network static is the same as a third-party netmask and address, then any outbound H.323 connection fails."

SOMEONE can translate me this point? i couldn't get it..but seems interesting

waiting for suggestions

thanks

drolemc · ‎11-12-2003

Static takes preference over dynamic and should not be a problem. However, if you still suspect that including the whole private network in dynamic nat is interfearing with the static translation, you could add an additional deny statement to your access list (that defines the inside addresses to be dynamically natted). A similar configuration example for routers is available at http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml