I need some advice/help with my PIX 515 firewall running code 6.x. We are trying to stream our radio station both internally and externally. Our internal setup works fine, but we are having an issue getting RTSP working through our PIX.
Our whole network is Cisco with a 4507 core switch and 35xx on the edges. Our streaming server already has a 1-to-1 NAT on our PIX for some port 80 stuff etc. I did find this post on a site and needed a little guidance. Our streaming server is on a VLAN called vlan 30 and has an internal address of 172.16.30.x which NATs to our public on the PIX. Here is the post:
OK, I got it working -- thanks to your ideas!!!! It is also a very clean
solution opening up nothing except RTSP in the firewall.
Here is what I did:
1. Assigned a public IP address to the QTSS Server's (it also still has the
private IP address)
2. Disabled NAT'ing of the IP address. For example if you assign a Public
IP address of 184.108.40.206 with a /24 (255.255.255.0) subnet mask (obviously this
is just a made-up address), you would enter the following:
Pix# access-list 300 permit ip 220.127.116.11 255.25
Pix# nat (inside) 0 access-list 300
NOTE: if you are already using this nat command and referring to an existing
access-list, you should add the access-list entry to the already existing
access-list # -- as you can only reference 1 access list in the nat command.
and the access list that opens port 80 for the web services on there. It is a Windows 2003 server, so do I leave the machine port on VLAN 30 and add the public IP to the box, or do I now trunk the port to allow the public and private IP? Confused a little.
Also, is that nat command from the post valid? I need some guidance as to what exactly to do. I originally kept the 1-1 NAT and added RTSP fixup, then added another access list to allow RTSP, but that didn't work.
The network card of the streaming server (which is only connected to VLAN30 I presume) should have the IP address 172.16.30.x. The firewall will translate that private IP address to the public IP address that your ISP has provided your organisation. I am assuming that the firewall already has translation rules (NAT rules) set up which allow internet hosts to communicate with the streaming server.
I got it working following the directions from the last poster. The only problem I am having now is it isn't a smooth stream going through the PIX. Internally it is, but from the outside, it pauses every 3 seconds then continues on. Any suggestions for this issue?
Bandwidth should be fine, we have a DS3 and peak utilization is usually only about 15%.