I was told to enter this command on my PIXs if I was running MS live communications Server. My question is if this will affect my VOIP users in other offices connected via box-to-box VPN? If so what could/will happen?
Are you using SIP trunks, phones, etc. in your voice environment? If so, removing this command could affect how this traffic passes through the PIX. The fixup command does things such as defining ports for a given protocol, opening secondary ports for the protocol as needed, and application inspection for the protocol. If you're not using SIP, there should be no problem. Just keep in mind that as SIP becomes more and more pervasive, you may have to reenable this command at some point.
I also faced the similar problem. In my case all SIP servers were out side the PIX on internet and all internal clients using private IPs were not able to make voice calls.
When the "fixup protocol sip" is enabled then pix start inspecting all the sip packets and private IP address within the SIP registeration headers were also changed to a NAT public IP. When "no fixup protocol SIP" was configured problem was solved and all internal clients were able to make calls.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...