PixFirewall Problems.

fvelasco_rojas
Level 1

Hi. In my office I have a Pix Firewall 525. That equipment had the 6.3 software version and it was updated to 7.2(4), and now I have a problem: when I try to do a videoconference with a Polycom camera, it is not possible to connect. I've checked the protocols and I see that with this version, the PixFirewall doesn't manage the "fixup" command for using the h323 protocol. This was changed to an MPF command, because when I wrote "fixup protocol h323" on the PIX I received the answer "INFO: converting 'fixup protocol h323' to MPF commands". Can somebody tell me what I can do to activate this service again? I think that this is the reason I can't use the videoconference system. Thanks a lot.

4 Replies

pstebner10
Level 1

Check the last part of your config. You should have several entries under a heading titled "policy-map global_policy" that looks something like this:

policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect pptp
  inspect snmp
service-policy global_policy global

If the 'inspect h323' line is not in there, that is where you would add it instead of doing a 'fixup'

HTH,

Paul
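One way to check a saved configuration for the point made above, namely that the H.323 inspections sit in a policy-map that a service-policy line actually applies. This is an added example, not code from any poster in this thread; the sample configuration is constructed from the lines quoted here, and the function names and the REQUIRED list are assumptions.

```python
import re

# Constructed sample, modelled on the config lines quoted in this thread.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect sip
service-policy global_policy global
"""
REQUIRED = ("h323 h225", "h323 ras")  # assumption: the two engines named in the thread

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspect arguments]}}."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[0] == "policy-map":
            pmap, cls = words[-1], None
            maps[pmap] = {}
        elif pmap and words[0] == "class" and len(words) == 2:
            cls = words[1]
            maps[pmap][cls] = []
        elif pmap and cls and words[0] == "inspect":
            maps[pmap][cls].append(" ".join(words[1:]))
        elif not raw[0].isspace():
            pmap = cls = None  # any other top-level command ends the block
    return maps

def applied_policies(config):
    """Return {policy_map: scope} for every service-policy line."""
    pat = r"^\s*service-policy\s+(\S+)\s+(global|interface\s+\S+)\s*$"
    return {m.group(1): m.group(2) for m in re.finditer(pat, config, re.M)}

def missing_h323(config, required=REQUIRED):
    """List required inspections that no applied policy-map enables."""
    maps, active = parse_policy_maps(config), set()
    for name in applied_policies(config):
        for inspects in maps.get(name, {}).values():
            active.update(inspects)
    # an inspect line may carry a map name after the engine, so match prefixes
    return [r for r in required
            if not any(a == r or a.startswith(r + " ") for a in active)]
```

An empty list from missing_h323() means inspection is configured and applied, so the ACL and the device logs are the next place to look.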

Hi Paul, and I appreciate your help, but it was the first instruction I checked, and that instruction is OK. I don't know if all the protocols that you mention are necessary, because my PIX only has the following:

policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect ptp
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map

Thanks a lot.

I once set up Polycom and I had to add the following:

1. Create an object group for the ports used by Polycom

object-group service VIDEO tcp-udp
 port-object range 3230 3235
 port-object eq 1720
 port-object eq 3603
 port-object eq 389
 port-object range 1718 1719
 port-object range 3235 3258

2. Create an ACL to allow video traffic

access-list from-Internet-In extended permit object-group TCP_UDP any host 208.x.x.x object-group VIDEO

Hope this helps.

duncanm
Level 1

I gotta ask, what does the PIX say? You either have an ACL drop or a policy drop. The PIX will log both.

Have you run packet tracer?

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/p_72.html#wp1724426
