Cisco Systems EDCS-154011 manual Typical Ports used for H.323 traffic, Helpful Links

Page 11

deny option in an access-listcommand statement, PIX Firewall discards the packet and generates the following syslog message:

%PIX-4-106019: IP packet from source_addr to destination_addr, protocol protocol received from interface interface_name deny by access-group acl_ID

Always use the access-listcommand with the access-groupcommand.

Typical Ports used for H.323 traffic

Port

Protocol

Description

Terminal

MCU

Gateway

Gatekeeper

1300

TCP

H.235 secure signaling

X

X

X

 

1503

TCP

T.120 Data

X

X

X

 

1718

UDP

Gatekeeper discovery

X

X

X

X

1719

UDP

Gatekeeper RAS

X

X

X

X

1720

TCP

H.323 call set-up

X

X

X

 

1731

TCP

Audio call control

X

X

X

 

1820

TCP

Cisco IP/VC GW

 

 

X

 

2720

TCP

Cisco IP/VC MCU

 

X

 

 

1024-65535

TCP

H.245

X

X

X

 

1024-65535

UDP

RTP (video)

X

X

X

 

1024-65535

UDP

RTP (audio)

X

X

X

 

1024-65535

UDP

RTCP (control)

X

X

X

 

Helpful Links

Cisco Secure PIX Configuration Forms

http://www/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/cfgforms.htm

Performance of PIX in H.323

http://wwwin.cisco.com/cmc/cc/pd/fw/sqfw500/tech/h3prf_in.pdf

Microsoft’s How to Establish NetMeeting Connections Through a Firewall

http://support.microsoft.com/support/kb/articles/Q158/6/23.asp?LN=EN-US&SD=g

Cisco's PIX Firewall and Stateful Firewall Security

http://www/warp/public/cc/pd/fw/sqfw500/tech/nat_wp.htm

Other Cisco Secure PIX Firewall configuration examples

http://www.cisco.com/warp/customer/707/index.shtml - pix

PIX Top Issues

http://www.cisco.com/warp/customer/110/top_issues/pix/pix_index.shtml

Pix Support Page

http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX

How NAT Works

http://www.cisco.com/warp/public/556/nat-cisco.shtml

Copyright © 2001 Cisco Systems, Inc.

Page 11 of 11

Page 10 Page 11
Image 11
Page 10 Page 11
Contents An IP/VC Application Note Table of contents Introduction What is the Cisco Secure PIX Firewall? Issues with Firewalls and H.323Implementing NAT for use with in-bound H.323 traffic What is NAT?Two Interface PIX with NAT Diagram Configuration Description Static command Breaking down the PIX configuration Fixup protocol CommandAccess-list command Access-group aclout in interface outside Access-list aclout permit tcp any hostAccess-group aclID in interface interfacename Helpful Links Typical Ports used for H.323 traffic
Top Page Image Contents