Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM and voip

Hi everyone,

I have this setup

Inside Outside

Phone(pots)----h323gw----FWSM-----|--IPphone

|

callmanager(outside)

The ip addresses are as follows

on h323gateway to FWSM - 10.130.120.4

on FWSM inside - 10.130.120.1

on FWSM outside - 10.132.120.2

on the CM - 10.132.120.7

on the ip phone - 10.132.120.5

I have the following configuration on

the FWSM

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200

nat(inside) 1 10.130.120.0 255.255.255.0

global (outside) 1 10.132.160.100-10.132.160.120

access-list 1 extended permit tcp host 10.130.120.4 host 10.132.120.7

access-group 1 in interface inside

What is happening is when I make a outboud call from pots phone to IP phone,

on the ethereal capture I see that the pots phone sends a request to Callmanager which is on the outside with the ip address 10.132.160.100 and the Callmanager sends a SYN ACK back to pots phone.

Now, pots phone sends a Openlogicalchannel and then the Callmanager sends a RESET.

Can someone tell me what might be happening here?. Am I missing some configuration?.

3 REPLIES
New Member

Re: FWSM and voip

Can you try with NO Fixup commands to analyse.

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol skinny 200

Regards

Amol

New Member

Re: FWSM and voip

Just now I have setup POLYCOM Viewstation H323 behind a PIX and in a "DMZ" under the FWSM ... it seems the Calling has started at the foreign POLYCOM, but the call cannot complete connecting. I have noted at the foreign POLYCOM that has picked up a Calling partner of the internal (before NAT) address, which i wonder if that causes the problem !! but WHY ? ... note : my Netscreens have no such problem !!!

Cheers

Raymond.

New Member

Re: FWSM and voip

Cisco Fixup is no good, ... have experience before about ESMTP

see this note :

Note: If you have an ESMTP server behind the PIX, you may need to turn off the Mailguard feature to allow mail to flow properly. Also, doing Telnet to port 25 may not work with the fixup protocol smtp command, especially with a Telnet client that does character mode.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml

So for my POLYCOMs

I shall try :

(1) put up a specific ACL for 1720 to test "with Fixup H323"

(2) if (1) fails, get rid "Fixup H323" and test again

(3) if it still fails, forget Cisco !!!

292
Views
0
Helpful
3
Replies
CreatePlease login to create content