Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure the PIX Firewall to allow multimedia applications with PAT to pass through

Core issue

The PIX Firewall does not permit protocol-specific traffic, related to multimedia applications, to pass through it using Port Address Translation (PAT). Port mappings with PAT can confuse the PIX when it runs multimedia applications. 

PAT does not work with most H.323 multimedia applications and caching name servers. Some multimedia applications can conflict with port mappings provided by PAT. PAT does not work with the established command.

PAT works with these:

  • Domain Name System (DNS)

  • FTP and passive FTP

  • HTTP, email

  • Remote-Procedure Call (RPC)

  • Remote Shell (rshell)

  • Telnet

  • URL filtering and

  • The outbound traceroute command.


To resolve this issue, refer to Configure and Troubleshoot the Cisco Secure PIX Firewall with a Single Internal Network.

Configuring Application Inspection (Fixup) categorizes a few applications and lists whether these applications work with NAT or PAT. Also, refer to the global command, which is used to configure PAT on PIX.

PIX Software Version

PIX version 4.x

PIX version 5.x

PIX version 6.x

PIX version 7.x

Version history
Revision #:
1 of 1
Last update:
‎06-18-2009 03:54 PM
Updated by:
Labels (1)