Would like some insight on what magic happens with IOS 12.1(5)T and above that allows the IP phones to be behind a router performing NAT...
Can successfully have IP phones on private addresses behind NAT when NAT is performed on IOS router - cannot figure out how to accomplish same when NAT is being performed on PIX or other firewall despite attempts from folks intimate w/ the firewalls and TAC.
Do not want to implement VPN's due to overhead and management headaches (many, many remote sites).
Will PIX at some point have the same magic as 12.1(5)T IOS? Is there some basic firewall programming to faciliate NAT that I am missing?
SYMPTOMS - other NAT'ing works fine with the firewall set-up - just not the phones....ultimately end up w/ half duplex....all TFTP loads happening and phones ringing etc leads me to believe TCP ports 2000 and 69 are working fine but RTP is not...
Any explanations or thoughts/assistance would be appreciated.
You just need to configure fixup protocol skinny to turn it on. I have not personally done this yet, but I am told that this will work with NAT on the PIX but not PAT so please let us know what you find on this matter (or anyone else).
I talked to a couple folks and I don't have any visibility on if/when Skinny will work with PAT on the PIX.
It looks like the way to do this right now if you don't have enough public IP addresses to do straight NAT is to use the router to perform the translation.
What you could do is have the NAT access-list on the router setup so that it would only translate for the IP phones, since that is the only reason you would even need to run NAT on the router anyway. At least then the rest of things will still be setup the way you normally would.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...