PIX520 How to config for MSN Messenger voice phone call

Status
Not open for further replies.

sepcdf

Apr 27, 2002
Hi,

My company has some 30 PCs working behind a PIX-520 firewall. Now we want to use MSN Messenger for distant IP telephone. The problem is I can't config the firewall to let the voice come through the PIX.

According to the help document of Messenger, if a firewall does not support UPnP (Universal Plug and Play protocol), the UDP ports (5004-65535) have to be opened.
I did it as follows, but it doesn't work.
conduit permit tcp any any h323
conduit permit udp any any gt 5003

The MSN Messenger help webpage link is:

Can you please give me a solution to solve it?
Thanks in advance.

sepcdf
 
Hi.

You will probably need a static mapping of a registered IP to the workstation(s) that accept voice connections, in addition to opening ports.

However this can be an obvious security risk as well.

If applicable, I suggest placing a single workstation for that purpose in a DMZ or "dirty" DMZ that will be used for voice only.

Another option, if you are going to use VOIP only to a specific 2nd party, you can try to establish it over a VPN tunnel.

I don't have experience with VOIP, so see also what others have to say.

Bye
Yizhar Hurwitz
 
Dear Mr.Yizhar Hurwitz:

Thank you for your reply. I will try your suggestion.

Best wishes

sepcdf
 
Make sure that you are not using PAT in your Global statements. Each time a PC makes a call, it needs to be able to reserve its own valid IP address from a Global pool. You can issue the Global command to set up the pool, and then issue a second one to allow PAT to take over if there are too many connection requests. They actually call it (PAT) "overloading" in the Cisco lingo. Look on Cisco's site for "overload" and "VOIP" or "H323" and there are some good examples.

Bryan
 
My issue is somewhat the opposite: How to block MS, AOL, YAHOO instant messenger on the pix?

Thankx
 
To block AOL and ICQ, close port 5190. Unfortunately, other IM software is "smarter", meaning it searches for open ports, be it 80 or 53 (granted you filter outgoing traffic with access-lists), and then adapts to use it. Solution? Compile a list of IP addresses with servers IM clients initially log into, then just deny outside access to those IP addresses.
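Added example, not part of the original thread: one way to turn a collected list of IM login-server addresses into an outbound deny list in PIX 6.x-style access-list syntax, together with the port 5190 block mentioned above. The ACL name `acl_out`, the `inside` interface, the final permit-everything-else line and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample input: one address or CIDR block per line.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real IM servers.
SAMPLE_SERVERS = """
192.0.2.10
192.0.2.11          # adjacent to .10, merges into a /31
198.51.100.0/25
198.51.100.128/25   # second half of the same /24
192.0.2.10          # duplicate entry
not-an-ip
"""

def parse_servers(text):
    """Return (collapsed IPv4 networks, rejected entries) from the list text."""
    nets, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects blocks with host bits set, e.g. 192.0.2.1/24
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    # Merging duplicates and adjacent blocks keeps the ACL short and reviewable.
    return list(ipaddress.collapse_addresses(nets)), rejected

def build_acl(nets, acl="acl_out", iface="inside"):
    """Emit access-list lines; acl and iface names are assumed, not from the thread."""
    lines = [f"access-list {acl} deny tcp any any eq 5190"]  # AOL/ICQ port
    for n in nets:
        if n.prefixlen == 32:
            dest = f"host {n.network_address}"
        else:
            dest = f"{n.network_address} {n.netmask}"  # PIX takes a subnet mask
        lines.append(f"access-list {acl} deny ip any {dest}")
    # Assumption: all other outbound traffic stays allowed. Without this line
    # the implicit deny at the end of the list would block everything.
    lines.append(f"access-list {acl} permit ip any any")
    lines.append(f"access-group {acl} in interface {iface}")
    return lines

if __name__ == "__main__":
    networks, bad = parse_servers(SAMPLE_SERVERS)
    print("\n".join(build_acl(networks)))
    for entry in bad:
        print(f"! skipped invalid entry: {entry}")
```

Rejected entries are reported rather than silently dropped, so a typo in the server list does not leave a gap in the block list unnoticed.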
 