Command For Opening Port

lexiainfo
Level 1

I am using pix firewall 501 6.3.4

Can anyone show me the command to open the following port in my pix firewall.

SIP: Port 5060 UDP

RTP: Port 8000 UDP

RTP: Ports 16384 to 20384 UDP

Thanks

8 Replies

mehrdad
Level 3

To explicitly open ports you should use the access-list and access-group commands, but maybe your problem is solved by the fixup protocol, so please see the link below:

http://www.ciscopress.com/articles/article.asp?p=24685&seqNum=3&rl=1

Firstly, thanks for the reply.

Can you please write down the command to open the port? I don't want to touch my current PIX config until I know the accurate command; my network may go down.

Thanks

It isn't recommended, but if you have to open those ports from outside to inside:

access-list acl_out permit udp any any range 16384 20384

access-list acl_out permit udp any any eq 5060

access-list acl_out permit udp any any eq 8000

access-group acl_out in interface outside

Please note: if an access-group is already applied to your outside interface, append the above access-list entries to the existing access list.

If you can, please specify the source address, the destination address, or both of them in the above access lists.

For more information about those commands:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755

Thanks for your reply.

See, I will explain to you why I want to open the port.

I would like to test the VoIP service through Broadvoice; they asked me to follow these steps: http://www.broadvoice.com/support_install_byod_cis79xx.html

I am using a Cisco 7940 IP phone. I am not getting registered to the VoIP provider. They asked me to open the ports because the IP phone is behind the firewall.

===================================================

Here is my current PIX Firewall config

===================================================

Melbourne(config)# sh run

: Saved

:

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxx encrypted

passwd xxxx encrypted

hostname Melbourne

domain-name Lex.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

object-group service UDPList udp

port-object eq 5060

port-object eq 8000

port-object range 16384 20384

access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list inbound permit udp any host 203.49.XXX.XXX object-group UDPList

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside pppoe setroute

ip address inside 192.168.0.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 192.168.0.0 255.255.255.0 0 0

access-group inbound in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

http server enable

http 0.0.0.0 0.0.0.0 outside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac

crypto map rtpmap 1 ipsec-isakmp

crypto map rtpmap 1 match address 101

crypto map rtpmap 1 set transform-set SecuritySet

crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000

crypto map rtpmap interface outside

isakmp enable outside

isakmp key ******** address 61.17.XXX.XXX netmask 255.255.255.255

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group Internet request dialout pppoe

vpdn group Internet localname lex@dodo.com.au

vpdn group Internet ppp authentication chap

vpdn username lex@dodo.com.au password *********

vpdn enable inside

terminal width 80

Cryptochecksum:xxxx

: end

Melbourne(config)#

================================================

Any Suggestion please so that i can use the voip service through cisco IP Phones.

Thanks
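Added example (not from the thread and not Cisco's code): the access-list/access-group commands in mehrdad's reply and the object-group/access-list lines in the posted config follow a fixed PIX 6.3 syntax, so a short script can tell you, before touching the box, whether the UDP ports the provider asked for are actually permitted inbound on the outside interface and whether anything in the list is wider than it needs to be. The config embedded below is a constructed sample modelled on the posted one; 203.49.0.1 is a placeholder for the masked address, and `parse_config`, `check_inbound` and `REQUIRED_UDP` are names chosen here.

```python
"""Added example (not from the thread or from Cisco): parse the PIX 6.3
object-group / access-list / access-group syntax used in mehrdad's reply and
in the posted config, report whether the SIP/RTP UDP ports the provider asked
for are permitted inbound (first-match order, implicit deny), and flag lines a
reviewer would question."""
import ipaddress
from collections import namedtuple

# Constructed sample modelled on the posted config; 203.49.0.1 stands in for
# the poster's masked outside address and is not a real host of theirs.
SAMPLE_CONFIG = """\
object-group service UDPList udp
  port-object eq 5060
  port-object eq 8000
  port-object range 16384 20384
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inbound permit udp any host 203.49.0.1 object-group UDPList
access-list acl_out permit udp any any eq 5060
access-group inbound in interface outside
http 0.0.0.0 0.0.0.0 outside
snmp-server community public
"""
REQUIRED_UDP = {"SIP": (5060, 5060), "RTP 8000": (8000, 8000), "RTP": (16384, 20384)}
ALL_PORTS = [(1, 65535)]
Ace = namedtuple("Ace", "acl action proto src dst ports")  # ports: [(lo, hi)]

def _port_spec(tokens, groups):
    """'eq N', 'range A B' or 'object-group NAME' -> list of (lo, hi)."""
    if not tokens:
        return ALL_PORTS
    if tokens[0] == "eq":
        return [(int(tokens[1]), int(tokens[1]))]
    if tokens[0] == "range":
        return [(int(tokens[1]), int(tokens[2]))]
    if tokens[0] == "object-group":
        return list(groups[tokens[1]])
    raise ValueError("unsupported port spec: " + " ".join(tokens))

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return (spec, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]

def parse_config(text):
    """Return (service groups, ACEs in config order, {iface: acl name})."""
    groups, aces, applied, group = {}, [], {}, None
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] in ("!", ":"):
            continue
        if t[0] == "object-group" and t[1] == "service":
            group = t[2]
            groups[group] = []
        elif t[0] == "port-object" and group:
            groups[group].extend(_port_spec(t[1:], groups))
        else:
            group = None  # any other line ends the object-group
            if t[0] == "access-list" and t[2] in ("permit", "deny"):
                src, rest = _addr(t[4:])
                if rest and rest[0] in ("eq", "gt", "lt", "neq"):  # source port
                    rest = rest[2:]
                elif rest and rest[0] == "range":
                    rest = rest[3:]
                dst, rest = _addr(rest)
                ports = _port_spec(rest, groups) if t[3] in ("udp", "tcp") else ALL_PORTS
                aces.append(Ace(t[1], t[2], t[3], src, dst, ports))
            elif t[0] == "access-group":  # access-group NAME in interface IFACE
                applied[t[4]] = t[1]
    return groups, aces, applied

def _dst_matches(dst, ip):
    if dst == "any" or ip is None:
        return True
    if dst.startswith("host "):
        return dst[5:] == ip
    net, mask = dst.split()
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def _decision(aces, port, dst_ip):
    """First ACE matching a UDP packet to dst_ip:port decides; else implicit deny."""
    for a in aces:
        if a.proto in ("udp", "ip") and _dst_matches(a.dst, dst_ip) \
                and any(lo <= port <= hi for lo, hi in a.ports):
            return a.action
    return "deny"

def check_inbound(text, iface="outside", dst_ip=None):
    """Which required UDP services reach dst_ip through the ACL applied inbound
    on iface (no access-group: the PIX passes nothing inbound, all blocked)."""
    _, aces, applied = parse_config(text)
    acl = applied.get(iface)
    acl_aces = [a for a in aces if a.acl == acl] if acl else []
    services = {svc: all(_decision(acl_aces, p, dst_ip) == "permit"
                         for p in range(lo, hi + 1))
                for svc, (lo, hi) in REQUIRED_UDP.items()}
    findings = [f"{a.acl}: {a.proto} any any" for a in aces
                if a.action == "permit" and a.src == "any" and a.dst == "any"]
    for line in text.splitlines():
        if line.startswith("http 0.0.0.0 0.0.0.0 "):
            findings.append("PDM/HTTP management open to any source on " + line.split()[-1])
        elif line.strip() == "snmp-server community public":
            findings.append("SNMP uses the default 'public' community")
    return {"acl_applied": acl, "services": services, "findings": findings}

if __name__ == "__main__":
    result = check_inbound(SAMPLE_CONFIG, dst_ip="203.49.0.1")
    print(result["services"], *result["findings"], sep="\n")
```

The port check follows PIX first-match order and the implicit deny at the end of every list, so an entry in a list that is never bound with `access-group` (like `acl_out` in the sample) counts for nothing; that is the reason behind appending new entries to the list already applied to the outside interface rather than creating a second one. Because the outside address here comes from PPPoE (`ip address outside pppoe setroute`), pass the address you expect the interface to hold as `dst_ip`; the check reports every service blocked if the ACL names a different host. The findings list also flags two lines that are present in the posted config: `http 0.0.0.0 0.0.0.0 outside` lets any Internet host reach PDM, and `snmp-server community public` is the factory-default read community.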

You're using an invalid IP address for your IP phone, so did you enable NAT on the 7940? Do you obtain a public IP address through PPPoE, or do you NAT again at your service provider?

I am using a static IP which is provided by the ISP: 203.49.xxx.xxx

DHCP is enabled on the 7940. I have entered the VoIP provider's TFTP server in the 7940.

Yes, I obtain a public IP through PPPoE, as you can see in my PIX configuration.

Thanks

roperry
Level 1

As a side note, you should make sure protocol fixup for SIP is configured also.
