
IP Phone Through PIX 515

mmoscoso
Level 1

Hello all,

I have an IP Phone on Inside, the IP Call Manager is located on the dmz, and all the ports are open between these two devices (permit IP); moreover, I can ping one device from the other. But the IP phone is unable to make a call, no dial tone. I tried first with no NAT, then natting the IP Call Manager to the inside. Any help will be appreciated. Thanks in advance. Mauricio


Patrick Iseli
Level 7

What is your voice setup in the PIX? You need to enable special commands so that it works (option 150 and 66).

Example:

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol tftp 69

dhcpd address a.b.c.11-a.b.c.99 voip

dhcpd dns DNSIP

dhcpd wins WinsIP

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd domain domain.com

dhcpd option 150 ip VoipRemoteGate11 VoipRemoteGate10

dhcpd option 66 ascii VoipRemoteGate11

dhcpd enable voip

See also:

Handle VoIP Traffic with the PIX Firewall

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00801fc74a.shtml

Sincerely,

Patrick

Hello Patrick, thanks for the information. The first part that you mention is covered here:

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

Regarding the second, there are two IP Phones (AVAYA and Tenovis) trying to connect with IP Call Managers (Avaya G3 and Tenovis respectively).

The IP Phone and the IP Call Manager have their own IP addresses, as shown here:

IP Phone (inside): 172.16.2.22 255.255.0.0

IP Call manager (dmz): 10.28.2.100 255.255.0.0

These are the rules I created for this traffic:

access-list inside_access_in permit ip host 172.16.2.22 host 10.28.2.100

access-list dmz_access_in permit ip host 10.28.2.100 host 172.16.2.22

access-list no_nat_inside permit ip 172.16.0.0 255.255.0.0 10.28.0.0 255.255.0.0

Do you see anything that I'm missing?

Thanks in advance,

Mauricio

Hi,

Can you paste the translation statement you use for Inside to DMZ?
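
Added example, not part of any post in this thread and not Cisco code: a Python check that reads a saved PIX configuration and reports which access-lists are actually bound by an `access-group` or `nat ... access-list` statement, which is the information the last reply asks for. The sample text reuses the lines posted above; the `access-group` line in it is an assumption, since no binding statements were posted.

```python
import re

# Constructed sample: the fixup and access-list lines are those posted in the
# thread; the access-group line is an assumption so that one ACL is bound.
SAMPLE_CONFIG = """\
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol tftp 69
access-list inside_access_in permit ip host 172.16.2.22 host 10.28.2.100
access-list dmz_access_in permit ip host 10.28.2.100 host 172.16.2.22
access-list no_nat_inside permit ip 172.16.0.0 255.255.0.0 10.28.0.0 255.255.0.0
access-group inside_access_in in interface inside
"""

ACL_DEF = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(?:extended\s+)?(?:permit|deny)\b")
ACL_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
NAT_ACL = re.compile(r"^nat\s+\((\S+)\)\s+(\d+)\s+access-list\s+(\S+)")
FIXUP = re.compile(r"^fixup\s+protocol\s+(\S+)")

def audit(config):
    """Return where each ACL is applied, ACLs never applied, and enabled fixups."""
    defined, applied, fixups = [], {}, set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_DEF.match(line):
            if m.group(1) not in defined:
                defined.append(m.group(1))
        elif m := ACL_GROUP.match(line):
            applied.setdefault(m.group(1), []).append(f"access-group on {m.group(2)}")
        elif m := NAT_ACL.match(line):
            applied.setdefault(m.group(3), []).append(f"nat ({m.group(1)}) {m.group(2)}")
        elif m := FIXUP.match(line):
            fixups.add(m.group(1))
    # An ACL that is defined but never referenced filters and exempts nothing.
    unapplied = [name for name in defined if name not in applied]
    return {"applied": applied, "unapplied": unapplied, "fixups": sorted(fixups)}

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for name, uses in report["applied"].items():
        print(f"{name}: {', '.join(uses)}")
    for name in report["unapplied"]:
        print(f"{name}: defined but not referenced by access-group or nat")
    print("fixups:", ", ".join(report["fixups"]))
```
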
