Scott,

First, you need to get the most recent OS for the PIX, otherwise you will have a lot of problems with UDP packets and translations (including bad checksums on your UDP packets). I am running both PIX 515 and PIX 501 without a problem with SIP and H.323. You don't need to open any ports on the PIX, because the firewall is an ALG (Application Layer Gateway). If you have fixup sip enabled on the firewall (there by default), all packets entering port 5060 are examined and RTP ports are opened dynamically as needed. The same is true for trusted calls (from the inside interface) and untrusted calls (from the outside and DMZ interfaces).

You will need to perform "conduit permit" commands on the public IP address of Asterisk to allow traffic from the untrusted outside interface to come to the trusted inside interface on port 5060 with both TCP and UDP (all traffic is disabled by default). Please check the exact syntax of "conduit permit" with the Cisco docs. I don't believe you will need to perform this for each RTP port; that should be done automatically by the PIX.

Hope this helps

Alex

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Wolfe

While on my network I can register OK with Xlite, but outside my firewall my Xlite says that registration has failed, but I am still able to make calls through it. I have opened ports: 5060 udp/tcp and 10000-20000 udp/tcp. Is there another port Xlite needs for proper registration? Is this a network configuration error on Asterisk's part? My Asterisk server is running an IP of 10.0.1.x and my Cisco firewall is passing the public IP address to it from the outside.

Thanks for any advice.

-Scott
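
What a SIP application layer gateway of the kind described in the reply above does with a message on port 5060, sketched as an added example (not code from this thread and not the PIX's implementation): it rewrites inside addresses to the translated public one, fixes Content-Length, and reads the SDP to learn which RTP port to open. The function name, the addresses and the sample message are constructed for illustration.

```python
import re

def sip_alg_inspect(message, nat):
    """Inspect one SIP message leaving the inside network.

    nat maps inside IPs to their public (translated) IPs.
    Returns (rewritten_message, pinholes); each pinhole is (ip, port, proto).
    """
    head, sep, body = message.partition("\r\n\r\n")
    if not sep:
        raise ValueError("incomplete SIP message: no header/body separator")

    def translate(text):
        # Swap each inside address for its public one, matching whole addresses only.
        for inside, public in nat.items():
            text = re.sub(r"(?<![\d.])" + re.escape(inside) + r"(?![\d.])", public, text)
        return text

    new_body = translate(body)
    # SDP: c= carries the media address, each m= line a media port (0 = stream declined).
    conn = re.search(r"^c=IN IP4 (\S+)", new_body, re.M)
    ports = [int(p) for p in re.findall(r"^m=\w+ (\d+) ", new_body, re.M)]
    pinholes = [(conn.group(1), p, "udp") for p in ports if conn and p != 0]

    # Rewriting changed the body size, so Content-Length has to be recomputed.
    new_head = re.sub(r"(?im)^(Content-Length:\s*)\d+",
                      lambda m: m.group(1) + str(len(new_body.encode())),
                      translate(head))
    return new_head + sep + new_body, pinholes

def build_sample():
    # Constructed sample: 200 OK sent by an inside Asterisk host at 10.0.1.5 (made-up addresses).
    sdp = ("v=0\r\no=root 1 1 IN IP4 10.0.1.5\r\ns=call\r\nc=IN IP4 10.0.1.5\r\n"
           "t=0 0\r\nm=audio 14002 RTP/AVP 0\r\nm=video 0 RTP/AVP 34\r\n")
    return ("SIP/2.0 200 OK\r\n"
            "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKabc\r\n"
            "Contact: <sip:100@10.0.1.5:5060>\r\n"
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(sdp)}\r\n\r\n" + sdp)

if __name__ == "__main__":
    rewritten, holes = sip_alg_inspect(build_sample(), {"10.0.1.5": "203.0.113.10"})
    print(rewritten)
    print("open for inbound RTP:", holes)
```

If the signalling still advertises the 10.0.1.x address after passing the firewall, the far end has no reachable address to send to, which is the condition the inspection is there to prevent.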
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users