RE: iChat A/V and Cisco PIX 501 (6.3)

["Ahmed, Balal" <balal.ahmed () capgemini com>]

Starting in Pix OS version 6.3. Cisco introduced the SIP fixup feature. This
needs to be enabled for the correct port. 

The cisco documentation however claims that "SIP supports the Chat feature
on Windows XP using Windows Messenger RTC Client version 4.7.0105 only" 

You may use the sh sip and the sh sip state commands for troubleshooting

HTH

Balal

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Melson, Paul
Sent: 28 April 2004 19:13
To: Brian Galdino
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] iChat A/V and Cisco PIX 501 (6.3)

You probably won't be able to use DHCP with statics on your network as
you describe it.  The only way I could think of to do this would be
statically map a MAC address to an IP address on your DHCP server.
Which, BTW, isn't a feature of the PIX dhcpd.  

The way I would set this up in an office environment would be to use a
NAT pool with an overload address and DHCP.  That way, assuming that the
number of users is close to the number of public addresses in the NAT
pool, most users would automatically get a static NAT, and would only
use global PAT if there were no more available external addresses in the
NAT pool.

PaulM

> -----Original Message-----
> Thanks for the info - does that mean that I will not be able to 
> implement a solution to accommodate DHCP clients in my environment?  
> How If I was setting this up in an office environment (which I 
> attempted 6 months ago to no avail), do all of the clients 
> need to have 
> static IPs to properly set up the port redirection?
>
> I do have more than one public IP, but i only have 5 - 4 are 
> configured 
> for static translations to servers for mail, web, etc.  I 
> only have one 
> IP that I have available as a global address for NAT.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


=======================================================

This message contains information that may be privileged or 
confidential and is the property of Capgemini UK plc. 
It is intended only for the person to whom it is addressed. If you
 are not the intended recipient, you are not authorised to read, print, 
retain, copy, disseminate, distribute, or use this message or any part 
thereof. If you receive this message in error, please notify the sender 
immediately and delete all copies of this message.

=======================================================




Our name has changed, please update your address book to the following format for the latest identities received 
"recipient () capgemini com".

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It 
is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized 
to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  
message in error, please notify the sender immediately and delete all  copies of this message.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards