Problem with Netmeeting over the PIX

pokwan · ‎09-02-2002

Hi,

We have a problem where we can't get netmeeting to work properly over the PIX 525 firewall (version 5.3(2)). Audio and video are working fine but not data functionality (chat, ftp ...etc). We did permit the following tcp ports 7648, 1731, 1503, 8000, h323 and udp ports 7648, 24032, 135 (netbios-ns). I did not see any ports being blocked on the firewall at all.

The Cuseeme server used is on version 6.0 and the client netmeeting is on version 3.01.

The Cuseeme server (203.21.6.97) resides on the DMZ of the PIX. Users on the OUTSIDE of the PIX worked fantastically but not internal users on the INSIDE of the PIX.

We have the following translation on the firewall

global (perim) 1 172.30.1.2-172.30.45.254 netmask 255.255.0.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Thinking that the NAT above might be the cause, we removed the NAT with the following commands

nat (inside) 0 access-list no_nat

access-list no_nat permit ip any 203.21.6.0 255.255.255.0

The above didn't work either.

Is there any issue with the PIX firewall version 5.3(2)? Does anyone know what the problem might be?

Thanks.

gfullage · ‎09-02-2002

There has been many, many, many bug fixes since 5.3(2) with H323 and NAT/PAT among others. I'm actually surprised your audio/video is working, but the it's probably because you're NAT'ing the traffic and not PAT'ing.

Before troubleshooting this any further, I'd upgrade to 6.2(2) and see if everything works then. The nat changes you made to the config shouldn't make any difference, going by your original commands the traffic will be NAT'd and therefore should be OK.

pokwan · ‎09-03-2002

Thanks for your information. I will upgrade the pix to version 6.2(2). Before I do that, is there any upgrade issue that I should be aware of .. ie. activation key...etc??

Thanks.