11-01-2005 02:58 PM - edited 02-21-2020 12:30 AM
Hello all,
I have an IP Phone on Inside, the IP Call Manager is located on the dmz, and all the ports are open between these two devices (permit IP); moreover, I can ping from one device to the other. But the IP phone is unable to make a call, no dial tone. I tried first with no NAT, then NATting the IP Call Manager to the inside. Any help will be appreciated. Thanks in advance. Mauricio
11-01-2005 06:33 PM
What is your voice setup in the PIX? You need to enable special commands so that it works (option 150 and 66).
example:
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol tftp 69
dhcpd address a.b.c.11-a.b.c.99 voip
dhcpd dns DNSIP
dhcpd wins WinsIP
dhcpd lease 3000
dhcpd ping_timeout 750
dhcpd domain domain.com
dhcpd option 150 ip VoipRemoteGate11 VoipRemoteGate10
dhcpd option 66 ascii VoipRemoteGate11
dhcpd enable voip
See also:
Handle VoIP Traffic with the PIX Firewall
sincerely
Patrick
11-02-2005 06:41 AM
Hello Patrick, Thanks for the information. The first part that you mention is covered here:
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
Regarding the second, there are two IP Phones (AVAYA and Tenovis) trying to connect with IP Call Managers (Avaya G3 and Tenovis respectively).
The IP Phone and the IP Call Manager have their own IP addresses, as shown here:
IP Phone (inside): 172.16.2.22 255.255.0.0
IP Call manager (dmz): 10.28.2.100 255.255.0.0
These are the rules I created to this traffic:
access-list inside_access_in permit ip host 172.16.2.22 host 10.28.2.100
access-list dmz_access_in permit ip host 10.28.2.100 host 172.16.2.22
access-list no_nat_inside permit ip 172.16.0.0 255.255.0.0 10.28.0.0 255.255.0.0
Do you see anything that I'm missing?
Thanks in advance,
Mauricio
11-02-2005 07:17 AM
Hi,
Can you paste the translation statement you use for Inside to DMZ?
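Added example (not posted by anyone in this thread): a small Python check that reads a PIX 6.x style configuration and reports access-lists that are defined but never referenced by an access-group or nat statement, plus any of the voice fixups listed in the reply above that are absent. The sample config is constructed: its fixup and access-list lines are the ones quoted in the thread, while the two access-group lines are assumptions, since the thread does not show them.

```python
# Constructed sample. The access-group lines are assumptions for illustration;
# the thread never shows how (or whether) the ACLs are bound.
SAMPLE_CONFIG = """\
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol tftp 69
access-list inside_access_in permit ip host 172.16.2.22 host 10.28.2.100
access-list dmz_access_in permit ip host 10.28.2.100 host 172.16.2.22
access-list no_nat_inside permit ip 172.16.0.0 255.255.0.0 10.28.0.0 255.255.0.0
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
"""

# Protocols named in the fixup list of the first reply.
VOICE_FIXUPS = ("h323", "rtsp", "sip", "skinny", "tftp")


def audit(config: str) -> dict:
    """Report unreferenced ACLs and missing voice fixups in a PIX-style config."""
    defined, referenced, fixups = set(), set(), set()
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "access-list" and len(tok) > 2 and tok[2] in ("permit", "deny"):
            defined.add(tok[1])
        elif tok[0] == "access-group" and len(tok) > 1:
            referenced.add(tok[1])  # ACL filtering traffic entering an interface
        elif tok[0] == "nat" and "access-list" in tok[:-1]:
            # e.g. "nat (inside) 0 access-list NAME" (NAT exemption)
            referenced.add(tok[tok.index("access-list") + 1])
        elif tok[:2] == ["fixup", "protocol"] and len(tok) > 2:
            fixups.add(tok[2])
    return {
        "unreferenced_acls": sorted(defined - referenced),
        "missing_voice_fixups": [p for p in VOICE_FIXUPS if p not in fixups],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An access-list that shows up as unreferenced has no effect on traffic or translation until a statement points at it, which is why the translation statement asked for above matters.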