Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Doese the FWSM support SCCP and H.323 stateful inspection

We are going to put phones in a seperate Voice Vlan and want to follow the Cisco IP Telephony Safe document which suggests to use a stateful firewall that supports SCCP so that dynamic pinholes can be opened and closed for UDP/RTP media streams. We know we can do this with IOS or PIX firewalls, but we can't find any documentation stating it is support on FWSM.

3 REPLIES
Cisco Employee

Re: Doese the FWSM support SCCP and H.323 stateful inspection

All the fixup commands in the PIX are unchanged in the FWSM, so if a PIX supports it in 6.2 code (see here http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1067379) then the FWSM will support it also.

See this also for PIX/FWSM command differences/similarities:

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_installation_and_configuration_guide_chapter09186a0080159cb1.html

Community Member

Re: Doese the FWSM support SCCP and H.323 stateful inspection

Thanks! This cleared the air for me. Another problem I see in this scenario is DHCP. DHCP servers will sit on different VLANS than the secured VLANS where IP Phones will be located. I found a couple of posts that said that DHCP relay does not work in the FWSM. Is this true? The posts also mention that this will be a feature in FWSM 2.1 release in Q4 03, which is already past, but I don't see any FWSM 2.1 software on CCO. Do you think it would be best to return the FWSM and go with a regular PIX. The only thing we are going to use the FWSM are for VoIP security (CallManagers, IP Phones, IPCC, ICM, and Unity will be protected).

Cisco Employee

Re: Doese the FWSM support SCCP and H.323 stateful inspection

DHCP Relay is coming in v2.1, which is not ready as yet, not sure when it's due either but shouldn't be too far off (don't quote me on that though :-) )

I can't tell you whether or not to return the FWSM, I'm sure you chose it for some valid reasons which you'll have to way up. The PIX does support DHCP Relay now though so it does have the functionality you want if you go that route.

530
Views
0
Helpful
3
Replies
CreatePlease to create content