Breaking down the PIX configuration
Fixup protocol Command
The first thing that we will look at in the PIX configuration is the H.323 Fixup Protocol. The H.323 fixup on the PIX allows H.323 traffic to pass through the PIX.
The two major functions of the fixup are to:
1. NAT the necessary embedded IPv4 addresses in the H.225 and H.245 signaling channels. Since H.323 messages are encoded in PER encoding format, PIX uses an ASN.1 decoder to decode the H.323 messages.
2. Dynamically allocate the negotiated H.245 and RTP/RTCP messages. The PIX administrator must open a conduit for the
The H.323 ITU standard requires that the H.225 and H.245 messages be preceded by a TPKT header to define the length of the message since it is passed on the reliable connection. Since the TPKT header does not necessarily need to be sent in the same TCP packet as the H.225/H.245 message, PIX must remember the TPKT length in order to process/decode the messages properly. PIX keeps a data structure for each connection, and that data structure contains the TPKT length for the next expected message.
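The TPKT bookkeeping described above, as an added example (not Cisco's code and not part of the original document): a per-connection reassembler that remembers the pending TPKT length across TCP segments and rejects malformed headers. The 4-byte header layout (version 3, a reserved byte, a 16-bit length that includes the header) is from RFC 1006; the names TpktStream, tpkt and demo and the sample payload bytes are constructed for illustration.

```python
import struct

TPKT_HDR_LEN = 4   # version, reserved, 16-bit big-endian length (RFC 1006)
TPKT_VERSION = 3


class TpktStream:
    """Per-connection reassembly state (hypothetical name, not PIX code)."""

    def __init__(self):
        self.buf = bytearray()  # bytes received but not yet consumed
        self.expected = None    # remembered TPKT length of the next message

    def feed(self, segment: bytes) -> list:
        """Add one TCP segment payload; return every completed message body."""
        self.buf += segment
        done = []
        while True:
            if self.expected is None:
                if len(self.buf) < TPKT_HDR_LEN:
                    break  # the header itself is split across segments
                version, _reserved, length = struct.unpack_from("!BBH", self.buf)
                # The length counts the header, so anything below 4 is invalid.
                if version != TPKT_VERSION or length < TPKT_HDR_LEN:
                    raise ValueError("malformed TPKT header")
                self.expected = length
            if len(self.buf) < self.expected:
                break  # body incomplete; keep the length for the next segment
            done.append(bytes(self.buf[TPKT_HDR_LEN:self.expected]))
            del self.buf[:self.expected]
            self.expected = None
        return done


def tpkt(payload: bytes) -> bytes:
    """Frame a payload in a TPKT header (builds the constructed sample)."""
    return struct.pack("!BBH", TPKT_VERSION, 0, TPKT_HDR_LEN + len(payload)) + payload


def demo():
    # Constructed sample: placeholder bytes stand in for PER-encoded H.225/H.245.
    wire = tpkt(b"SETUP-placeholder") + tpkt(b"") + tpkt(b"TCS-placeholder")
    stream, out = TpktStream(), []
    # Cuts chosen so one header arrives alone and the next header is split in two.
    for seg in (wire[:4], wire[4:23], wire[23:]):
        out += stream.feed(seg)
    return out
```

Because the length field is 16 bits, the state held per connection is bounded by one maximum-size message plus the segment being processed.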
If the PIX needs to NAT any IP addresses, then it will have to change the checksum, the UUIE
Each connection with a packet going through the H.323 fixup is marked as an H.323 connection and will time out with the H.323 timeout configured by the user via the "timeout" command.
Static command
The static command creates a permanent mapping (called a static translation slot or "xlate") between a local IP address and a global IP address. Use the static and
Copyright © 2001 Cisco Systems, Inc.