Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 515, Polycom FX, & Netmeeting --HELP!

Status
Not open for further replies.
smikes19

smikes19

MIS
Oct 18, 2001
62
0
0
US
Hi, I have a PIX 515 flashed with 6.1, a Polycom Viewstation FX, and external computers running netmeeting.

-the Polycom Viewstation FX is h323 compliant
-internal netmeeting computers can connect to the polycom ok
-external netmeeting computers cannot connect

Here is my config...

access-list acl_out permit tcp any host 63.206.xxx eq www
access-list acl_out permit tcp any host 63.206.xxx eq h323
access-list acl_out permit tcp any any eq h323
static (inside,outside) 63.206.xxx 192.9.xxx netmask 255.255.255.255 0 0

what else do I need to do to get this darn thing to work??? I've also tried doing a

access-list acl_out permit tcp any host 63.xxxx
access-list acl_out permit udp any host 63.xxx

but to no avail....Please help! thanks...
 
Sort by date Sort by votes
HI.

What about the FIXUP H323 command?
Is it in your config?
Is it using the correct port number?


Try to debug at the PIX:
logging buffer 7
show log

Another test you should try -
Connect a workstation to the PIX outside interface, and try to netmeet from there. Can you?
Your problem might be not in the PIX but somewhere else, like an ISP router, transparent proxy, or something.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Hi Yizhar,
thanks for the input. The fixup line is there, and no, netmeeting doesn't work from our DMZ...but it does internally. What makes me wonder is that even opening up all the tcp and udp ports doesnt work...am i missing something?

thanks,
mike
 
Upvote 0 Downvote
Hi.

A simple question but, have you placed an access-group command?

You mentioned placing a workstation in the DMZ, but what about connecting a workstation to the OUTSIDE interface of PIX?

Where is the viewstation connected to? INSIDE?
What about Netmeeting to Netmeeting connections?
What about HTTP connections? Do they work?

Are there additional access-lists?


What about SYSLOG messages - what do you get?

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Are you using NAT with your PIX? the H.323 protocol can not function using PAT, so you will need a range of addresses assigned to NAT.
 
Upvote 0 Downvote
Hi,

Since you mentioned netmeeting works from the inside network, most likely cause of failure for the DMZ is the lack of a translation rule for the DMZ.
The config you gave shows the line:

static (inside,outside) 63.206.xxx 192.9.xxx netmask 255.255.255.255 0 0

You will also need a static rule for the DMZ (even if it is non-translated, in which case it will look like 'static (dmz,outside) <ip-DMZ> <ip-DMZ> netmask <mask DMZ>' )

Hope this helps...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
145
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
161
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
45
tklamb
tklamb
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
56
PauS0n
PauS0n
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top