Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM and voip

Hi everyone,

I have this setup

Inside Outside




The ip addresses are as follows

on h323gateway to FWSM -

on FWSM inside -

on FWSM outside -

on the CM -

on the ip phone -

I have the following configuration on

the FWSM

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200

nat(inside) 1

global (outside) 1

access-list 1 extended permit tcp host host

access-group 1 in interface inside

What is happening is when I make a outboud call from pots phone to IP phone,

on the ethereal capture I see that the pots phone sends a request to Callmanager which is on the outside with the ip address and the Callmanager sends a SYN ACK back to pots phone.

Now, pots phone sends a Openlogicalchannel and then the Callmanager sends a RESET.

Can someone tell me what might be happening here?. Am I missing some configuration?.

New Member

Re: FWSM and voip

Can you try with NO Fixup commands to analyse.

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200



New Member

Re: FWSM and voip

Just now I have setup POLYCOM Viewstation H323 behind a PIX and in a "DMZ" under the FWSM ... it seems the Calling has started at the foreign POLYCOM, but the call cannot complete connecting. I have noted at the foreign POLYCOM that has picked up a Calling partner of the internal (before NAT) address, which i wonder if that causes the problem !! but WHY ? ... note : my Netscreens have no such problem !!!



New Member

Re: FWSM and voip

Cisco Fixup is no good, ... have experience before about ESMTP

see this note :

Note: If you have an ESMTP server behind the PIX, you may need to turn off the Mailguard feature to allow mail to flow properly. Also, doing Telnet to port 25 may not work with the fixup protocol smtp command, especially with a Telnet client that does character mode.

So for my POLYCOMs

I shall try :

(1) put up a specific ACL for 1720 to test "with Fixup H323"

(2) if (1) fails, get rid "Fixup H323" and test again

(3) if it still fails, forget Cisco !!!

CreatePlease login to create content