PIX firewalling for VoIP

nikolasgeyer · ‎05-27-2007

Hi everyone,

Since firewalling is not my strongest suite I am just after some best practices for the following scenario.

I have a VoIP setup with handsets connecting to 3750 switches (and the computers hanging off the VoIP sets) with all voice traffic on vlan 200 and normal data on vlan 100.

I need to move the call manager behind a PIX to terminate E1's for external voice access. My problem is all VoIP/vlan200 devices currently reside on the 192.168.200/24 subnet. I wish to keep the call manager in the same subnet (behind the 'outside' interface) however I dont seem to be able to do this (as I use a 192.168.200/24 IP for the inside interface to get back onto the network the VoIP sets reside on).

Are there any best practices for this scenario? I need to keep the traffic for VoIP handsets in the same subnet/vlan but im a little stumped as to how one would do this with a PIX in the middle.

The PIX itself is a PIX 501 running 6.3.

Any advice would be helpful.

Cheers,

Nik

hoogen_82 · ‎05-28-2007

Well Nik, the concept is called transparent firewall where you can acheive your scenario, but unfortunately there is no rupport for this mode in 6.X. It has been introduced only in the 7.X code.

Have a look a tutorial if intrested in this website http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

HTH

Hoogen

Do rate if this post helps :)