Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Voip from outside pix

Has anyone successed with fixup h323 for voip through the pix firewall. CCO seems to say the fixup h323 should have fixed the problem but I seem can't make it work !

My scanario:

CCM ( and IP Phones ) --(inside) PIX (outsie) -- IP Phone ( with some wireless 7920s )

Calls from outside to inside work OK.

Calls from inside to outside: Phone ring (signalling works OK) but no audio. Can't answer the phone. I can't see the dynamic RTP/RTCP on the PIX between the phones.

(I tested with 6.0 and 6.3 )



Re: Voip from outside pix

Check if the fixup for SIP is enabled. This will pre-allocate the RTP UDP connections automatically when it analyses the signaling packets. The RTP/RTCP is all dynamic, you do not add these ports forwarding manually . The PIX looks at the packets and determines what ports are requested to open communication and the PIX will open these ports.

If an inside endpoint initiates a call to an outside endpoint, a port is opened to the outside interface to allow RTP/RTCP UDP packets to flow to the inside address and port specified in the INVITE message from the inside endpoint. Unsolicited RTP/RTCP UDP packets to an inside interface will not traverse the Firewall, unless the PIX configuration specifically allows it. The behaviour observed by you does not seem to comply with the above statement. Check for an error messages or debugs to troubleshoot the exact issue.

New Member

Re: Voip from outside pix

Thanks for your input. I believe fixup for h323 and sip are enable by default unless default port is changed.

I think I understand the rtp/rtcp is dynamic allocated and handled by h323 fixup after inspecting the h.225 call setup msg according to cco doc on 6.3 but the problem is I don't see these h.245 channels established and that is why outside phone can't answer.