How to configure the Cisco Secure PIX Firewall to allow H.323 traffic
For this configuration we will assume the following, which is depicted in figure 1:
•The Firewall is a PIX 515 with two interfaces.
•A Gatekeeper with an internal IP address of 10.1.1.10 and an external IP address of 209.165.201.10.
•An H.323 terminal with an internal IP address of 10.1.1.20 and an external IP address of 209.165.201.20.
•A Cisco IP/VC 3510 MCU with an internal IP address of 10.1.1.30 and an external IP address of 209.165.201.30
•An H.323 terminal residing outside the firewall with an IP address of 206.165.201.55
Figure 1: Two Interface PIX with NAT Diagram
Internet 
H.323 Terminal
IP Addr: 209.165.201.55
209.165.201.1
209.165.201.5
10.1.1.5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Cisco MCM Gatekeeper/Proxy | ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||||||
H.323 Terminal | H.323 Terminal |
|
|
|
|
| IP Addr: | 10.1.1.10 | |||||||||||||
Cisco IP/VC 3510 MCU |
|
| |||||||||||||||||||
IP Addr: 10.1.1.20 | IP Addr: 10.1.1.21 |
|
| ||||||||||||||||||
IP Addr: 10.1.1.30 |
|
| |||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||||||
Copyright © 2001 Cisco Systems, Inc. | Page 6 of 11 |
