
fixup protocol RTSP

sahmad
Level 1

I have an RTSP presentation that runs inside an .htm. I believe it is using "HTTP cloaking" as described below from the PIX docs:

"PIX Firewall does not have the ability to recognize HTTP cloaking where RTSP messages are hidden in the HTTP messages."

"PIX Firewall cannot perform NAT on RTSP messages because the embedded IP addresses are contained in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and PIX Firewall cannot perform NAT on fragmented packets."

1. Does this mean NAT will not work with my setup?

2. If I use a public IP address for this server, will it work?

3. Is there a workaround for HTTP cloaking?

Thanks,

RJ


nkhawaja
Cisco Employee

1- NAT WON'T WORK

2- YES, but do nat 0

3- Not sure as of yet, tried to search for bug files but no results

The following restrictions apply to the fixup protocol rtsp command:

1. This PIX Firewall will not fix RTSP messages passing through UDP ports.

2. PAT is not supported with the fixup protocol rtsp command.

3. PIX Firewall does not have the ability to recognize HTTP cloaking where RTSP messages are hidden in the HTTP messages.

4. PIX Firewall cannot perform NAT on RTSP messages because the embedded IP addresses are contained in the SDP files as part of HTTP or RTSP messages. Packets could be fragmented and PIX Firewall cannot perform NAT on fragmented packets.

5. With Cisco IP/TV, the number of NATs the PIX Firewall performs on the SDP part of the message is proportional to the number of program listings in the Content Manager (each program listing can have at least six embedded IP addresses).

6. You can configure NAT for Apple QuickTime 4 or RealPlayer. Cisco IP/TV only works with NAT if the Viewer and Content Manager are on the outside network and the server is on the inside network.

7. When using RealPlayer, it is important to properly configure transport mode. For the PIX Firewall, add an access-list command statement from the server to the client or vice versa. For RealPlayer, change transport mode by clicking Options>Preferences>Transport>RTSP Settings.

If using TCP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use TCP for all content check boxes. On the PIX Firewall, there is no need to configure the fixup.

If using UDP mode on the RealPlayer, select the Use TCP to Connect to Server and Attempt to use UDP for static content check boxes, and for live content not available via Multicast. On the PIX Firewall, add a fixup protocol rtsp port command statement.
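Restriction 4 above turns on the fact that the server's address travels inside the SDP body, not only in the IP header. The following Python sketch is an added example (not from the original thread or from Cisco): it lists the IPv4 literals in a constructed RTSP DESCRIBE response and shows that replacing them changes the body length, so Content-Length has to be corrected as well. The sample message, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: SDP body a server on a private inside network might send.
SDP_BODY = (
    "v=0\r\n"
    "o=- 1234 1 IN IP4 192.168.10.5\r\n"
    "s=Constructed presentation\r\n"
    "c=IN IP4 192.168.10.5\r\n"
    "t=0 0\r\n"
    "m=video 0 RTP/AVP 96\r\n"
    "a=control:rtsp://192.168.10.5/stream/track1\r\n"
)
# Constructed RTSP DESCRIBE response carrying that body.
SAMPLE_RESPONSE = (
    "RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n\r\n" + SDP_BODY
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def split_message(raw):
    """Split an RTSP/HTTP-style message into a lowercase header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def embedded_addresses(raw):
    """Return (sdp_line, address, is_private) for each IPv4 literal in an SDP body."""
    headers, body = split_message(raw)
    if headers.get("content-type", "").lower() != "application/sdp":
        return []
    found = []
    for line in body.splitlines():
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
                continue
            # is_private covers RFC 1918 and other non-global ranges
            found.append((line, text, addr.is_private))
    return found


def rewrite_body(raw, inside, outside):
    """Swap the embedded address; return new body, declared length, actual new length."""
    headers, body = split_message(raw)
    new_body = body.replace(inside, outside)
    return new_body, int(headers["content-length"]), len(new_body)
```

Run `embedded_addresses()` on a DESCRIBE response captured from your own server to see which private addresses the client would receive untranslated.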

Thanks for the reply. I will implement accordingly.

RJ

I want to implement Nat 0 but I am not sure how.

If I put the public IP on the server, then I need to place it on my outside VLAN, correct? Nat 0 allows the IP address to not be translated. I have to use this on my inside LAN behind the PIX and that will not work.

Please advise,

Thanks,

RJ