Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Gatekeeper plus Firewall

Hello,

i need to hide my gatekeeper behind pix firewall , the PIX firewall used is 515 series.

My Gatekeeper is configured in proxy mode and remote Voip Gateways should be registered to this gatekeeper using RAS protocol

before configuring or putting my pix firewall in service, i m trying to figure out the Pix Firewall caracteristics and configuration :

1)-What IOS , able to handle H323 protocol suite (RAS Discovery, RAS protocol, h323 call setup ,...) and recognized by Cisco or Through normal usage as stable , should be running on the PIX firewall 515?

2)- what Port numbers and protocols should be allowed fom outside to inside in order to have registration with the gatekeeper .

3)-does the gatekeeper in proxy mode , introduce specific ports to allow through PIX firewall?

4)- if there is any sample configuration for a PIX in front of a gatekeeper in proxy mode , it would make my task more easier due to fact that i have real time traffic and no time fro tesing !!!

Thanks in advance fo help

Jacob.

1 REPLY
New Member

Re: Gatekeeper plus Firewall

Jacob,

Here is a good url for dealing with RAS/h323 with nat and firewalls.

Login Required

http://www.cisco.com/warp/customer/788/voip/voip-nat.html

No Login Required

http://www.cisco.com/warp/public/788/voip/voip-nat.html

If you select the section stating "Cisco Solutions" it will list what versions support RAS/H323 on the pix.

It is difficult to make IOS recommendations without knowing your environment and what possible bugs you could run into by changing IOS versions.

For the pix I'd do a bug search on the latest 6.2 or 6.3 versions and see if any look like they might pop up in your environment then make your decision from there.

There are a list of ports required for h323 in the section titled "UDP/TCP Ports Used for VoIP"

Here is a good link on the pix and how it handles the h323/RAS connections and should give you some guidance on what you will need to open on our firewall.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#1079378

Hope this helps,

Stephen

91
Views
0
Helpful
1
Replies
作成コンテンツを作成するには してください