NetMeeting through PIX 515

Status
Not open for further replies.

secureinc

Technical User
Feb 18, 2002
34
US
I need to open up MS NetMeeting on my PIX firewall. I have heard that NetMeeting is a huge security risk, but I still need this done. Below is my ACL...

access-list outside permit icmp any any
access-list outside permit tcp any host 66.35.160.x eq www
access-list outside permit tcp any host 66.35.160.x eq 1494
access-list outside permit udp any host 66.35.160.x eq 1604
access-list outside permit tcp any host 66.35.160.x eq ftp
access-list outside permit tcp any host 66.35.160.x eq telnet
access-list outside permit tcp any host 66.35.160.x eq 5631
access-list outside permit udp any host 66.35.160.x eq 5632
access-list outside permit tcp any host 66.35.160.x eq 8081
access-list outside permit tcp any host 66.35.160.x eq 8080

How do I open up NetMeeting? Please help, I am at a loss...

Thank you
 
You need to open TCP ports 389, 522, 1503, 1720 and 1731. Make sure you have 6.2.2 running on your PIX. Hope this helps!
 
Alternatives:

Pre 6.2.2 you can open those ports, create a static inside outside and run a little app to convert the inside IP to the external IP to route correctly (can't recall app name as I'm at home).

Or: Use Yahoo IM with its webcam software as that can use port 80 to go out and return to source IP which cuts down security risk.
 
You shouldn't need to open up anything other than the H.323 port to whatever machine you want to connect to with NetMeeting. You must also have the fixup protocol h323 statement in your config.

The way the NetMeeting protocol works (in a nutshell) is that a control message is sent over the H.323 port telling the destination NetMeeting machine what dynamic ports will be used for this NetMeeting session.

As long as you have a static mapping to the internal machine and the H.323 port open, the Cisco PIX will intercept and inspect all the H.323 traffic. When it sees a legitimate H.323 connection, it will dynamically open the necessary ports for that specific NetMeeting session.

I hope this helps.

Jcanuk
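As an added illustration of the approach in the reply above (example configuration, not posted by any participant and not taken from Cisco documentation for this exact thread), here is what the relevant PIX 6.2 configuration fragment looks like. The inside host address 10.0.0.20 and the interface name "inside" are constructed placeholders; the public address 66.35.160.x is left masked exactly as the original poster wrote it. The fixup lines use the PIX 6.2 default ports for H.225 call signaling (1720) and RAS (1718-1719); the access-list entry for 1503 is kept separate because T.120 data sharing (whiteboard, application sharing) is carried outside the H.323 call signaling that the fixup inspects, so the fixup does not open it for you.

```text
! PIX 6.2 example (constructed). Enable H.323 inspection so the PIX can
! read the call-setup exchange on TCP/1720 and open the negotiated
! dynamic RTP/H.245 ports only for the endpoints of that call.
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719

! One-to-one static mapping for the NetMeeting host (inside address is a
! placeholder). The fixup rewrites embedded inside addresses to 66.35.160.x
! in the H.323 payload, which is why no separate address-conversion tool is
! needed on 6.2.
static (inside,outside) 66.35.160.x 10.0.0.20 netmask 255.255.255.255 0 0

! Only the H.323 call-signaling port needs a permanent hole; everything
! else for the audio/video session is opened per call by the fixup.
access-list outside permit tcp any host 66.35.160.x eq 1720

! Optional: T.120 data conferencing is not part of H.323 signaling and is
! not opened by the fixup, so permit it explicitly if whiteboard or
! application sharing is required.
access-list outside permit tcp any host 66.35.160.x eq 1503

access-group outside in interface outside
```

With this in place, the permanent exposure is limited to 1720 (and 1503 if enabled) on the single mapped host; the media ports never appear in the ACL, and the PIX closes them when the call tears down. Checking `show conn` during a test call is the quickest way to confirm the fixup is actually creating the dynamic connections rather than the call silently failing on one-way audio.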
 