Re: How to establish NetMeeting connections through PIX

d.higginbotham · ‎11-08-2004

MS KB article # 158623 speaks to 5 static port numbers: 389,522,1503,1720, and 1731. And two dynamic port settings. How do I configure my PIX to pickup these dynamic ports?

sachinraja · ‎11-09-2004

just configure access-lists that will allow these connections to go through the PIX. if these connections are originating from the inside interface and there are already existing access-lists on the inside interface, add these..

access-list inside permit tcp src dest eq 389

access-list inside permit tcp src dest eq 522

access-list inside permit tcp src dest eq 1503

access-list inside permit tcp src dest eq 1720

access-list inside permit tcp src dest eq 1731

do let us know if you need any more assistance..

sachinraja · ‎11-09-2004

Sorry.. forgot to add.. if you have a PIX at the destination, the same ports needs to be opened on the outside interface of the PIX to allow netmeeting.

Note; make sure if you have the IP connectivity first between the end devices.

d.higginbotham · ‎11-09-2004

Thank you for your response. This is what I have in the PIX config now:

access-list acl-out permit tcp any host 123.123.123.123 eq h323

access-list acl-out permit tcp any host 123.123.123.123 eq ldap

access-list acl-out permit tcp any host 123.168.123.123 eq 522

access-list acl-out permit tcp any host 123.123.123.123 eq 1503

access-list acl-out permit tcp any host 123.123.123.123 eq 1731

static (inside,outside) 123.123.123.123 10.10.10.10 netmask 255.255.255.255 0 0

access-group acl-out in interface outside

I have two more questions.

If I understand correctly you are saying I need to also apply these to the inside interface?

This would take care of the static ports but does this take care of the dynamic ports mentioned in the Microsoft KB article?

Thanks again.