Educause Security Discussion mailing list archives
Re: iChat and the PIX
From: "Sauvigne, Craig M" <sauvignec () WINTHROP EDU>
Date: Tue, 14 Dec 2004 16:09:33 -0500
Thanks to all for the responses. Arturo, the problem is that the audio/video connections won't connect. It works with a static route but we were hoping for some other solution since we are a university and could have more users try to use iChat. Right now we only know of one person trying to use it and she brought this to our attention. Craig -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wood, Anne M (wood) Sent: Tuesday, December 14, 2004 1:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iChat and the PIX Craig, We were able to establish audio and video using iChat through a PIX firewall by creating a static (one-to-one) map for the Internal address that was going to initiate the iChat session to one of our Internet routable Ips. Once that static address was assigned on the pix, the internal computer could initiate the iChat session. This would not work the other way around (outside user initiating iChat session). Ports would have to be opened up for this scenario. We can't support iChat for our users due to this complication. I don't know if this is a common problem with the pix or not, but that is how we got around it for one special event we held that needed iChat. Hope this helps. Anne -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sauvigne, Craig M Sent: Tuesday, December 14, 2004 11:09 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] iChat and the PIX If your campus is using a Cisco PIX, can you please read this and see if you have any advice? Our problem has been escalated by a parent to our President's office... We have a problem with a student not being able to use iChat from our campus network. We have run numerous tests from public and private IP's through our Cisco PIX and we have run numerous tests from other networks that don't go through the PIX and it seems we have narrowed down a problem that our NAT and PAT users cannot use iChat through our PIX if talking to another user off campus that also has a private IP address. We have tried "fixup protocol sip 5060" on and off and still no success. Does anybody have any experience getting iChat to work correctly through a PIX? Thanks in advance, ================================ Craig M. Sauvigne System Administrator Winthrop University Rock Hill, SC 29733 sauvignec () winthrop edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- iChat and the PIX Sauvigne, Craig M (Dec 14)
- <Possible follow-ups>
- Re: iChat and the PIX Joe Marshall (Dec 14)
- Re: iChat and the PIX Stephen Bernard (Dec 14)
- Re: iChat and the PIX Arturo Servin (Dec 14)
- Re: iChat and the PIX Wood, Anne M (wood) (Dec 14)
- Re: iChat and the PIX Mike Radomski (Dec 14)
- Re: iChat and the PIX Sauvigne, Craig M (Dec 14)