cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
586
Views
0
Helpful
3
Replies

FWSM and voip

ngundura
Level 1
Level 1

Hi everyone,

I have this setup

Inside Outside

Phone(pots)----h323gw----FWSM-----|--IPphone

|

callmanager(outside)

The ip addresses are as follows

on h323gateway to FWSM - 10.130.120.4

on FWSM inside - 10.130.120.1

on FWSM outside - 10.132.120.2

on the CM - 10.132.120.7

on the ip phone - 10.132.120.5

I have the following configuration on

the FWSM

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200

nat(inside) 1 10.130.120.0 255.255.255.0

global (outside) 1 10.132.160.100-10.132.160.120

access-list 1 extended permit tcp host 10.130.120.4 host 10.132.120.7

access-group 1 in interface inside

What is happening is when I make a outboud call from pots phone to IP phone,

on the ethereal capture I see that the pots phone sends a request to Callmanager which is on the outside with the ip address 10.132.160.100 and the Callmanager sends a SYN ACK back to pots phone.

Now, pots phone sends a Openlogicalchannel and then the Callmanager sends a RESET.

Can someone tell me what might be happening here?. Am I missing some configuration?.

3 Replies 3

amolrajgure
Level 1
Level 1

Can you try with NO Fixup commands to analyse.

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200

Regards

Amol

Just now I have setup POLYCOM Viewstation H323 behind a PIX and in a "DMZ" under the FWSM ... it seems the Calling has started at the foreign POLYCOM, but the call cannot complete connecting. I have noted at the foreign POLYCOM that has picked up a Calling partner of the internal (before NAT) address, which i wonder if that causes the problem !! but WHY ? ... note : my Netscreens have no such problem !!!

Cheers

Raymond.

Cisco Fixup is no good, ... have experience before about ESMTP

see this note :

Note: If you have an ESMTP server behind the PIX, you may need to turn off the Mailguard feature to allow mail to flow properly. Also, doing Telnet to port 25 may not work with the fixup protocol smtp command, especially with a Telnet client that does character mode.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml

So for my POLYCOMs

I shall try :

(1) put up a specific ACL for 1720 to test "with Fixup H323"

(2) if (1) fails, get rid "Fixup H323" and test again

(3) if it still fails, forget Cisco !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: