Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

H323 - PIX 515E

hi everyone

my problem's about right configurationf for a pix

515e running 6.3.3

the pix is installed between the router which is the end-point to the internet and the internal lan.

The PIX shounld:

make dynamic nat for the private clients for navigating

make static nat for a private GK installed on the private network (the same of the clients) on one pubblic address


ROUTER ----- pif 515e (failover) | private Net

---| (gk and video

inside here)

the videocommunication from the video conference box (video) works like this:

i see and hear the other part

they cant hear and see me

gateways are ok.

Is that possible that making dynamic nat for the whole private network creates problems to the static nat configured for the GK (which is in the same private net) ?

anyone heard particular problems with 6.3.3 regarding


FROM the CISCO site

( :

". If you configure a network static where the network static is the same as a third-party netmask and address, then any outbound H.323 connection fails."

SOMEONE can translate me this point? i couldn't get it..but seems interesting

waiting for suggestions



Re: H323 - PIX 515E

Static takes preference over dynamic and should not be a problem. However, if you still suspect that including the whole private network in dynamic nat is interfearing with the static translation, you could add an additional deny statement to your access list (that defines the inside addresses to be dynamically natted). A similar configuration example for routers is available at

CreatePlease to create content