02-08-2007 02:26 PM - edited 03-11-2019 02:30 AM
Hey All,
I have a PIX 515E 7.2(2) with a Win2003 Server in the DMZ. I can stream traffic without problems internally but externally it just doesn't work. I have all of the required ports open (1755, 554, 80, UDP -1024-5000,...) and there is nothing dropped in the logs but streaming doesn't work. If I move the Media Server out from behind the PIX it works great but behind the PIX it doesn't work. I can get to the web server on the media server but I'm not able to stream. What gives? I'm sure I've forgotten to add some details here but I'll be happy to add any info needed. Thanks!
02-08-2007 05:14 PM
Hi, I am assuming you have configured a one-to-one static NAT and that you have allowed incoming traffic on the ports you mentioned on the access-list applied to the outside interface, correct?
02-09-2007 12:29 PM
Yes, you are correct. I have a one to one static NAT and have allowed incoming traffic on the outside interface for the ports I mentioned. I have also used the Packet Tracer in ASDM and it says the traffic will be accepted for all of the necessary ports from the outside to the DMZ.
02-11-2007 12:34 AM
Check the fixup protocol in your configuration for RTSP protocol.
02-14-2007 01:12 PM
I don't believe 7.2(2) uses the fixup command anymore.
02-14-2007 01:40 PM
What are you talking about? See below:
CiscoPix# sh ver
Cisco PIX Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "flash:/pix722.bin"
Config file at boot was "startup-config"
CiscoPix up 9 days 4 hours
Hardware: PIX-525, 128 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash E28F400B5T @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0004.c161.5536, irq 10
1: Ext: Ethernet1 : address is 0004.c161.5537, irq 11
2: Ext: Ethernet2 : address is 0002.b318.0a83, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: xxxxxxx
Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Configuration last modified by enable_15 at 20:54:46.084 UTC Wed Feb 14 2007
CiscoPix# conf t
CiscoPix(config)# fixup protocol ftp 21
INFO: converting 'fixup protocol ftp 21' to MPF commands
CiscoPix(config)#
David
02-14-2007 04:01 PM
Thanks for the response, and you are correct, there is legacy support for the fixup command, but I'm not actually using RTSP for streaming, I'm using ms-streaming (1755). I had opened RTSP but after watching some successful connections from my inside interface I could see that it wasn't needed when connecting from Windows Media Player.
02-14-2007 04:11 PM
Okay, I am wrong about not using RTSP. I just checked a streaming connection and it is using RTSP so disregard my last comment. I'll try turning off inspection for RTSP.