Mitel Teleworker with a PIX firewall

[Jonnyboxcutter]

I am working with a Mitel dealer and they are asking me to assist them in configuring a PIX to work with Teleworker (MAS 6000 I believe). We have confirmed that all the VoIP gear and lab gear work so at this point it has come down to configuration. The best we can get is one-way audio from the web side. We have called Mitel and had a ticket open but that did little for the issue. Does anybody have any ideas or could someone point me to a web site where I could get better info.

Thank you,
JBC

 

[glennmitel]

hello

can you please post a list of all open ports and i will check my pix and compare.

good job i just passed my pix exam


thanks

 

[Jonnyboxcutter]

Thank you for the assistance, please note at this time this is a Lab scenario only, I will tighten this up once we get it working.

The MAS Server is located on the DMZ, and the Mitel 3300 is on the inside.

Here is what we currently have; with this config we have no audio at all

!
access-list outside permit tcp any host masserver_x eq ssh
access-list outside permit tcp any host masserver_x eq 443
access-list outside permit tcp any host masserver_x range 6801 6802
access-list outside permit udp any host masserver_x eq 69
access-list outside permit udp any host masserver_x range 20000 23000
access-list outside permit tcp any host masserver_x eq 3300
access-list outside permit tcp any host masserver_x eq 6880
access-list outside permit icmp any any
!
access-list dmz permit icmp any any
access-list dmz permit tcp any 192.168.1.0 255.255.255.0 eq 443
access-list dmz permit tcp any 192.168.1.0 255.255.255.0 range 6800 6802
access-list dmz permit udp any 192.168.1.0 255.255.255.0 gt 1024
access-list dmz permit tcp any 192.168.1.0 255.255.255.0 eq 39999
access-list dmz permit tcp any 192.168.1.0 255.255.255.0 eq 80
!

From Inside to DMZ and Inside to Outside everything is permitted.

When we had one-way voice it was wide open on all interfaces (permit ip any any). Just for some extra info; I do have a functional alias statement in the config (my understanding is this is required).

Unfortunately my role is network side only, so I don’t have any info on the voice side at this time; I can get it in the morning.

Thank you again for your assistance,
-JBC-

 

[Jonnyboxcutter]

Good job on the PIX test. I need to get to work and recertify, just no time to do it...


-JBC-

 

[glennmitel]

Hello

welcome to the world of teleworker

from past installs of both teleworker and cisco pix its always the littlest thing that is wrong

what is the telework address ?

if its 192.168.1.0 /class c

i have had problems before with using 0 as a host

also what level 3300 software are you running and ip information inc if its a LX or MX

thanks

 

[Jonnyboxcutter]

The teleworker is on the DMZ, its address is
192.186.2.2

The LAN range is 192.168.1.0 (this is where the hand sets are located)

I will get the 3300's software version in the morning.

Thanks again,
-JBC-

 

[Jonnyboxcutter]

I just got off the phone with the Mitel guy and he says that it is working accross the board now. He needed to bounce the Mitel.

Thanks for the help,
-JBC-