Solved: Re: Cisco ZBF & Facetime

nicolas.bedard · ‎05-26-2011

Does anyone know how to let facetime going through Cisco ZBF ?

It uses a bunch of ports like describled in Apple's KB: http://support.apple.com/kb/HT4245

Now what can I do if I let those protocol going out:

class-map type inspect match-any INTERNET-ACCESS_CLASS
match protocol http
match protocol https
match protocol ftp
match protocol smtp
match protocol pop3
match protocol ipsec-msft
match protocol isakmp
match protocol imaps
match protocol imap3
match protocol imap
match protocol icmp
match protocol msnmsgr

How can I get facetime going out ?

I use a 1811-SEC router

thanks !

Loren Kolnes · ‎05-26-2011

Hi Nicols,

You could try using port-maps to define the facetime traffic to be inspected. Something like the following:

ip port-map user-facetime1 port udp 3478 3497

ip port-map user-facetime2 port udp 16384 16387

ip port-map user-facetime3 port udp 16393 16402

ip port-map user-facetime4 port tcp 5223

class-map type inspect match-any facetime_access_class

match protocol user-facetime1

match protocol user-facetime2

match protocol user-facetime3

match protocol user-facetime4

class-map type inspect match-any INTERNET-ACCESS_CLASS

match protocol http

match protocol https

match protocol ftp

match protocol smtp

match protocol pop3

match protocol ipsec-msft

match protocol isakmp

match protocol imaps

match protocol imap3

match protocol imap

match protocol icmp

match protocol msnmsgr

match class-map facetime_access_class

Let me know if you have any questions.

Thanks,

Loren

View solution in original post

Loren Kolnes · ‎05-26-2011

Hi Nicols,

You could try using port-maps to define the facetime traffic to be inspected. Something like the following:

ip port-map user-facetime1 port udp 3478 3497

ip port-map user-facetime2 port udp 16384 16387

ip port-map user-facetime3 port udp 16393 16402

ip port-map user-facetime4 port tcp 5223

class-map type inspect match-any facetime_access_class

match protocol user-facetime1

match protocol user-facetime2

match protocol user-facetime3

match protocol user-facetime4

class-map type inspect match-any INTERNET-ACCESS_CLASS

match protocol http

match protocol https

match protocol ftp

match protocol smtp

match protocol pop3

match protocol ipsec-msft

match protocol isakmp

match protocol imaps

match protocol imap3

match protocol imap

match protocol icmp

match protocol msnmsgr

match class-map facetime_access_class

Let me know if you have any questions.

Thanks,

Loren

nicolas.bedard · ‎10-28-2011

I needed to modify it a bit. But it's working.

here is what I changed in the config:

ip port-map user-facetime1 port udp from 3478 to 3497

ip port-map user-facetime2 port udp from 16384 to 16387

ip port-map user-facetime3 port udp from 16393 to 16402

ip port-map user-facetime4 port tcp 5223