Instruction/ maintenance manual of the product EDCS-154011 Cisco Systems
Go to page of 11
Copy right © 200 1 Cis co Sy stems , Inc. Page 1 of 11 Integrating Cisco Secure PIX Firewall and IP/VC Videoconferencing Networks An IP/V C A ppl icat ion No te Jonathan Roberts Network Consultant En.
Copy right © 200 1 Cis co Sy stems , Inc. Page 2 of 11 Table o f conten ts Tab le o f con ten ts ................................................................................................ ............................. 2 Intro duc tion .........
Copy right © 200 1 Cis co Sy stems , Inc. Page 3 of 11 Introduc tion This paper explains how to set up the Cisco Secure PIX firewall for use in Cisco IP/VC H.323 deployments. The configuration that will be shown below will be a two-interface PIX 515 running version 6.
Copy right © 200 1 Cis co Sy stems , Inc. Page 4 of 11 Issues with Firewalls and H.323 What makes H.323 so cumbersome to run through a firewall is its use of multiple data ports for a single call. For an H.323 call to take place it must first open an H.
Copy right © 200 1 Cis co Sy stems , Inc. Page 5 of 11 What is NAT? Network Address Translation (NAT) is designed for IP address simplification and conservation, as it enables private IP internetworks that use nonregistered IP addresses to connect to the Internet.
Copy right © 200 1 Cis co Sy stems , Inc. Page 6 of 11 How to configure the Cisco Secure PIX Firewall to allow H.323 traffic For this configuration we will assume the following, which is depicted in figure 1: • The Firewall is a PIX 515 with two interfaces.
Copy right © 200 1 Cis co Sy stems , Inc. Page 7 of 11 Tabl e 1: Two Int erfac e PI X w ith N AT Con figu ratio n Con figu ratio n Des cript ion nameif ethern et0 ou tside s ecurity 0 nameif ethern e.
Copy right © 200 1 Cis co Sy stems , Inc. Page 8 of 11 Breaking down the PIX configuration Fixup protocol Command The first thing that we will look at in the PIX configuration is the H.323 Fixup Protocol. The H.323 fixup on PIX enables users to allow H.
Copy right © 200 1 Cis co Sy stems , Inc. Page 9 of 11 static [ ( internal_if_name , external_if_name ) ] global_ip local_ip [ netmask network_mask ] [ max_conns [ em_limit ]] [ norandomseq ] In the configuration from Table XX, the static command is implemented in this manner: static (inside,outside) 209.
Copy right © 200 1 Cis co Sy stems , Inc. Page 10 of 11 IP/VC 3510 MCU with the IP address of 209.165.201.30, port 2720 will need to be opened. Use the following guidelines for specifying a source, local, or destination address: -Use a 32-bit quantity in four-part, dotted-decimal format.
Copy right © 200 1 Cis co Sy stems , Inc. Page 11 of 11 deny option in an access-list command statement, PIX Firewall discards the packet and generates the following syslog message: %PIX-4-106019: IP.
An important point after buying a device Cisco Systems EDCS-154011 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems EDCS-154011 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems EDCS-154011 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems EDCS-154011 you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems EDCS-154011 will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems EDCS-154011, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems EDCS-154011.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems EDCS-154011. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems EDCS-154011 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
