Educause Security Discussion mailing list archives

Re: iChat and the PIX


From: "Sauvigne, Craig M" <sauvignec () WINTHROP EDU>
Date: Tue, 14 Dec 2004 16:09:33 -0500

Thanks to all for the responses. 

Arturo, the problem is that the audio/video connections won't connect.

It works with a static route but we were hoping for some other solution
since we are a university and could have more users try to use iChat.
Right now we only know of one person trying to use it and she brought
this to our attention. 

Craig

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wood, Anne M (wood)
Sent: Tuesday, December 14, 2004 1:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iChat and the PIX

Craig,
We were able to establish audio and video using iChat through a PIX
firewall by creating a static (one-to-one) map for the Internal address
that was going to initiate the iChat session to one of our Internet
routable IPs.  Once that static address was assigned on the PIX, the
internal computer could initiate the iChat session.  This would not work
the other way around (outside user initiating iChat session).  Ports
would have to be opened up for this scenario.  We can't support iChat
for our users due to this complication.  I don't know if this is a
common problem with the PIX or not, but that is how we got around it for
one special event we held that needed iChat.

Hope this helps.
Anne 

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sauvigne, Craig M
Sent: Tuesday, December 14, 2004 11:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] iChat and the PIX

If your campus is using a Cisco PIX, can you please read this and see if
you have any advice? Our problem has been escalated by a parent to our
President's office...

We have a problem with a student not being able to use iChat from our
campus network.  We have run numerous tests from public and private IPs
through our Cisco PIX and we have run numerous tests from other networks
that don't go through the PIX and it seems we have narrowed down a
problem that our NAT and PAT users cannot use iChat through our PIX if
talking to another user off campus that also has a private IP address.

We have tried "fixup protocol sip 5060" on and off and still no success.

Does anybody have any experience getting iChat to work correctly through
a PIX?

Thanks in advance,

================================
Craig M. Sauvigne
System Administrator
Winthrop University
Rock Hill, SC 29733
sauvignec () winthrop edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.
