Firewall Wizards mailing list archives

Re: iChat A/V and Cisco PIX 501 (6.3)

From: Brian Galdino <briangaldino () mac com>
Date: Wed, 28 Apr 2004 10:35:59 -0700

Thanks for the info - does that mean that I will not be able toimplement a solution to accommodate DHCP clients in my environment?How If I was setting this up in an office environment (which Iattempted 6 months ago to no avail), do all of the clients need to havestatic IPs to properly set up the port redirection?

I do have more than one public IP, but i only have 5 - 4 are configuredfor static translations to servers for mail, web, etc. I only have oneIP that I have available as a global address for NAT.


Thanks for the help-
Brian

On Apr 28, 2004, at 06.03, Melson, Paul wrote:

One of you (probably you, since your friend's Linksys may not be
capable) will need to set up port redirection to your Mac for 5060/UDP
and 16384-16403/UDP.  Like so:

static (inside,outside) udp interface outside 5060 172.16.1.4 5060
...

This assumes that .4 is the IP address of the machine you're running
iChat from.  I'm also assuming that since your global is 'interface
outside' that you only have one public IP address to work from.  If

that's not the case, there's a much simpler solution - a static NATrulefor your Mac's IP address to a public IP other than 'interfaceoutside'.


PaulM

-----Original Message-----
I am currently experiencing difficulties getting iChat A/V to work
through my Cisco PIX 501 running PIX OX 6.3. As you can see
below, I am
attempting to connect from my internal address space (172.16.1.x)
through the Internet and through a friends Linksys router to their
internal address space (192.168.1.x).  Using a home D-link
router I had
no problems communicating with the same person.  It seems to
be failing
during translation, and I can't seem to figure out how to get around
it.  Has anyone been able to successfully configure a pix to
work with
iChat, particularly in this type of a configuration using NAT?  Any
help would me most appreciated.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

iChat A/V and Cisco PIX 501 (6.3) Brian Galdino (Apr 27)
- <Possible follow-ups>
- RE: iChat A/V and Cisco PIX 501 (6.3) Melson, Paul (Apr 28)
  - Re: iChat A/V and Cisco PIX 501 (6.3) Brian Galdino (Apr 28)
- RE: iChat A/V and Cisco PIX 501 (6.3) Melson, Paul (Apr 28)