First off, upgrade to 6.2(2), there's a lot of issues with H323 and earlier code versions. Even then though, it still may not work, since the PIX doesn't support PAT and H323 versions 3 and 4 until 6.3 code. It should work if you can assign a static one-to-one address translation for the inside PC that you're using, but if you only have one IP address, then there's not a whole lot you can do if it doesn't work after upgrading.
You can also try turning off the H323 fixup's within the PIX, sometimes they cause more harm than good.
I have the same problem with the MSN messenger. I have 6.1(2) version of the PIX firewall. If I can turn off the H323 fixup and ill have a static one to one translation plus allowing access-list to that public address, can this really make me use of the voice and video? Currently i can only use the messaging feature of the messenger using port 1863. What ports do I need to open for the voice and video? Maybe you can post a sample config. Tnx in advance.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...