Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CCM on one side of a PIX and phones on the other = a problem !!!

Can anyone give me an example of configuration of a PIX that supports having IP Phone and SoftPhone on one side of a PIX and CCM on other side.

I need to use NAT. I have PIX 6.1.1, CCM 3.1(1), SoftPhone 1.2

I have tried to use static nat and fixup protocol skinny but with no luck.

Thanks

11 REPLIES
New Member

Re: CCM on one side of a PIX and phones on the other = a problem

you mean 'NO fixup protocol skinny' right?

both the IP phones and softphone's don't work?

also, be more specific about what is not working, at what point the phones/calls are failing ...

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

I have fixup protocol skinny 2000 in my config and I am also using static nat for the phones.

Is that not the way to do it ?

I have opened for IP traffic from my gateway and CCM (they are on the same side) to the IP Phones (on the oter side). The strange thing is that I can call from the PSTN to the IP Phones and everthing works but when I call from my IP phone to the PSTN then it is disconnected in about 3-4 seconds (doesn´t matter wether the pstn user answers or not). What is more the display on the IP phone freeze for a few seconds when the call is disconnected (but not when the call comes from the pstn) Strange !!!

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

I had the EXACT same problem you are describing! and the problem turned out to be the "fixup protocol skinny" command. After I put NO fixup ... and rebooted my phones, voila, 2 1/2 days of torture were over with. We have a little bit diff. of a situation in that the phones were on the other side of PIX IPsec tunnell, and we had to put NO fixup .. on both PIX's, but do this and you should be ok. let me know how it works.

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

Thanks,

if you put No fixup protocol skinny - then I guess you have to open udp (16xxx - 32xxx) and some tcp ports (2000 and few others) - right ?

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

yes, i believe you're right. we don't limit ports considering we are tunnelling, so i don't know exactly what ports to open up, but i've seen dave post a list of them before in these forums.

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

Thanks,

I have a list of all the ports - I just don´t understand why the fixup protocol skinny doesn´t work because the Cisco documentations says it does - but hey life ain´t perfect :-)

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

The solution for the IP Phone is to use PIX version 6.0.1 105 with the 3.1.1 version of CCM

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

Hello Vidir,

What do you mean "105 with the 3.1.1 version of CCM"? What is the "105"?

Also are the phones able to do a Cisco TFTP request through the PIX?

Thanks,

Bob

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

Hi,

Cisco says that the skinny headers changed between CM 3.0 and CM 3.1 so you need this version of the PIX sw.

105 seems to be some version under 6.0(1) release as you can see below.

Cisco Secure PIX Firewall Version 6.0(1)105

Compiled on Mon 01-Oct-01 12:54 by morlee

The only thing you need is to have this software and the fixup protocol skinny 2000. I have no problem with tftp.

Vidir

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

FYI:

(running 3.1(2c) over 6.1.1 pix, build 105)

The fixup skinny command tells the PIX to check the message numbers in the skinny packets (use the latest Ethereal (www.ethereal.org) to decode them). This command was added at about pix 6.1.

The bravo build of CCM (3.1) uses higher message numbers than Encore, and versions of PIX < 6.1.1 build 105 block these messages and hence the phones don't work properly.

As for TFTP, it works fine if you open a conduit for it on the PIX.

Doug.

New Member

Re: CCM on one side of a PIX and phones on the other = a problem

Can someone tell me where I can download 6.0(1) 105.

I looked at the CCO and they only have 6.1.1 or 6.0.1 but compile date is old.

Thanks

111
Views
0
Helpful
11
Replies
CreatePlease login to create content