01-26-2006 05:41 PM - edited 03-09-2019 01:45 PM
Hi everyone,
I have this setup
Inside Outside
Phone(pots)----h323gw----FWSM-----|--IPphone
|
callmanager(outside)
The ip addresses are as follows
on h323gateway to FWSM - 10.130.120.4
on FWSM inside - 10.130.120.1
on FWSM outside - 10.132.120.2
on the CM - 10.132.120.7
on the ip phone - 10.132.120.5
I have the following configuration on
the FWSM
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol skinny 200
nat(inside) 1 10.130.120.0 255.255.255.0
global (outside) 1 10.132.160.100-10.132.160.120
access-list 1 extended permit tcp host 10.130.120.4 host 10.132.120.7
access-group 1 in interface inside
What is happening is when I make a outboud call from pots phone to IP phone,
on the ethereal capture I see that the pots phone sends a request to Callmanager which is on the outside with the ip address 10.132.160.100 and the Callmanager sends a SYN ACK back to pots phone.
Now, pots phone sends a Openlogicalchannel and then the Callmanager sends a RESET.
Can someone tell me what might be happening here?. Am I missing some configuration?.
02-20-2006 04:00 AM
Can you try with NO Fixup commands to analyse.
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol skinny 200
Regards
Amol
03-27-2006 12:40 AM
Just now I have setup POLYCOM Viewstation H323 behind a PIX and in a "DMZ" under the FWSM ... it seems the Calling has started at the foreign POLYCOM, but the call cannot complete connecting. I have noted at the foreign POLYCOM that has picked up a Calling partner of the internal (before NAT) address, which i wonder if that causes the problem !! but WHY ? ... note : my Netscreens have no such problem !!!
Cheers
Raymond.
03-27-2006 07:46 PM
Cisco Fixup is no good, ... have experience before about ESMTP
see this note :
Note: If you have an ESMTP server behind the PIX, you may need to turn off the Mailguard feature to allow mail to flow properly. Also, doing Telnet to port 25 may not work with the fixup protocol smtp command, especially with a Telnet client that does character mode.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml
So for my POLYCOMs
I shall try :
(1) put up a specific ACL for 1720 to test "with Fixup H323"
(2) if (1) fails, get rid "Fixup H323" and test again
(3) if it still fails, forget Cisco !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide