Configuring PIX for SIP

petedempsey · ‎03-11-2004

I was wondering if you could help me out. In our office here, we have an Interactive Intelligence Telephony Server with an ip address of 192.169.0.20. In this server, there is also an AudioCodes card used for RTP sessions. This card has the ip address of 192.169.0.21. On our firewall, we have a static NAT mapping 192.169.0.20 to an outside address of 212.58.28.157. The UDP ports 5060 (for SIP) and 16384-32767 (for RTP sessions) are open for this inside addess. The problem we have is that when a call is made to 212.58.28.157 using a SIP client we have, the call is connected but there is no sound. We need to configure the firewall so that when a SIP call is made to our outside address the UDP traffic on ports 16384-32767 go to 192.169.0.21 and UDP traffic on port 5060 go to 192.169.0.20. Is this possible?

Failing that, is it possible to direct all traffic to our outside address to both 192.169.0.20 and 192.169.0.21?

If either way is possible, could you tell me how to do it either using CLI or PDM?

Thanks

gfullage · ‎03-12-2004

You should be able to do this with the following (haven't tested this):

static (inside,outside) 212.58.28.157 192.169.0.21 netmask 255.255.255.255

static (inside,outside) udp 212.58.28.157 5060 192.169.0.20 5060 netmask 255.255.255.255

static (inside,outside) tcp 212.58.28.157 5060 192.169.0.20 5060 netmask 255.255.255.255

You'll get a warning that the addresses overlap, but as long as the port-specific statics are above the general static when you do a "wr term" (static's are read from top down), then you should be fine.