Cisco Systems EDCS-154011 manual Two Interface PIX with NAT Diagram

Page 6

How to configure the Cisco Secure PIX Firewall to allow H.323 traffic

For this configuration we assume the following, as depicted in Figure 1:

The firewall is a PIX 515 with two interfaces.

A Gatekeeper with an internal IP address of 10.1.1.10 and an external IP address of 209.165.201.10.

An H.323 terminal with an internal IP address of 10.1.1.20 and an external IP address of 209.165.201.20.

A Cisco IP/VC 3510 MCU with an internal IP address of 10.1.1.30 and an external IP address of 209.165.201.30.

An H.323 terminal residing outside the firewall with an IP address of 206.165.201.55.

Figure 1: Two Interface PIX with NAT Diagram

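[Network diagram not reproduced. Labels recoverable from the figure: Internet; H.323 Terminal, IP Addr: 209.165.201.55; Cisco MCM Gatekeeper/Proxy, IP Addr: 10.1.1.10; H.323 Terminal, IP Addr: 10.1.1.20; H.323 Terminal, IP Addr: 10.1.1.21; Cisco IP/VC 3510 MCU, IP Addr: 10.1.1.30. Addresses shown without a device label: 209.165.201.1, 209.165.201.5, 10.1.1.5.]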

Copyright © 2001 Cisco Systems, Inc.
