Check if the fixup for SIP is enabled. This will pre-allocate the RTP UDP connections automatically when it analyses the signaling packets. The RTP/RTCP is all dynamic, you do not add these ports forwarding manually . The PIX looks at the packets and determines what ports are requested to open communication and the PIX will open these ports.
If an inside endpoint initiates a call to an outside endpoint, a port is opened to the outside interface to allow RTP/RTCP UDP packets to flow to the inside address and port specified in the INVITE message from the inside endpoint. Unsolicited RTP/RTCP UDP packets to an inside interface will not traverse the Firewall, unless the PIX configuration specifically allows it. The behaviour observed by you does not seem to comply with the above statement. Check for an error messages or debugs to troubleshoot the exact issue.
Thanks for your input. I believe fixup for h323 and sip are enable by default unless default port is changed.
I think I understand the rtp/rtcp is dynamic allocated and handled by h323 fixup after inspecting the h.225 call setup msg according to cco doc on 6.3 but the problem is I don't see these h.245 channels established and that is why outside phone can't answer.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...