Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Pix, VoIP and ATA's

From: "J. Oquendo" <sil () infiltrated net>
Date: Wed, 29 Nov 2006 14:43:45 -0500
Hey all, having an issue with a Pix and VoiP protocols. I have 3 ATA's hooked up to a bridge, that's being given DHCP via a Pix. Every machine works fine getting DHCP and connecting except the ATA's. My connection is as follows: 

Internet --> Adtran Router --> Pix --> Internal
There are no rules on the Adtran side that would prohibit anything, and the Pix is very minimal (mid sized location). The ATA's connect to another Pix which is VPN'd with this one.
LocationA ---> Pix --> Adtran --> Internet --> Adtran --> Pix --> LocationB(ATA's are here) 

I created an acl on LocationB:
access-list acl_inside permit ip 192.168.20.0 255.255.255.0 host xxx.xxx.xxx.xxx
Where xxx.xxx.xxx.xxx is the registrar for these ATA's (LocationB). When it comes to DHCP, the Pix will not spit out an address for these ATA's. Before someone comments: "The ATA's are broken and they're not getting DHCP" or something. I can hook them up into any other device and they will obtain DHCP. I can hook up a laptop into the same ports as the ATA's, and the laptop works fine. Seems like there is something I am missing? If I statically assign them addresses, still no dice. 


Here are relevant Pix configs:

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

timeout h323 1:39:00 mgcp 1:39:00 sip 9:30:00 sip_media 1:39:00
timeout sip-disconnect 0:10:00 sip-invite 0:10:00

dhcpd address 192.168.10.2-192.168.10.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside



--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 
The happiness of society is the end of government.
John Adams

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: